Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-223462 | ACF2-ES-000430 | SV-223462r853526_rule | Medium |
Description |
---|
By limiting the number of failed logon attempts, the risk of unauthorized system access via user password guessing, otherwise known as brute-forcing, is reduced. Limits are imposed by locking the account. |
STIG | Date |
---|---|
IBM z/OS ACF2 Security Technical Implementation Guide | 2023-12-18 |
Check Text ( C-25135r500518_chk ) |
---|
From an ACF command screen enter: SET CONTROL(GSO) SHOW PSwdopts If "MAXTRY" is set to "3", this is not a finding. If "PASSLMT" is set to "3", this is not a finding. |
Fix Text (F-25123r500519_fix) |
---|
Configure the GSO option "MAXTRY" to equal "3". Configure the GSO option "PASSLMT" to equal "3". |