UCF STIG Viewer Logo

The CA-ACF2 PSWD GSO record values for MAXTRY and PASSLMT must be properly set.


Overview

Finding ID Version Rule ID IA Controls Severity
V-223462 ACF2-ES-000430 SV-223462r533198_rule Medium
Description
By limiting the number of failed logon attempts, the risk of unauthorized system access via user password guessing, otherwise known as brute-forcing, is reduced. Limits are imposed by locking the account.
STIG Date
IBM z/OS ACF2 Security Technical Implementation Guide 2022-06-22

Details

Check Text ( C-25135r500518_chk )
From an ACF command screen enter:
SET CONTROL(GSO)
SHOW PSwdopts

If "MAXTRY" is set to "3", this is not a finding.

If "PASSLMT" is set to "3", this is not a finding.
Fix Text (F-25123r500519_fix)
Configure the GSO option "MAXTRY" to equal "3".
Configure the GSO option "PASSLMT" to equal "3".