Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-98159 | RACF-ES-000790 | SV-107263r1_rule | Medium |
Description |
---|
Enforcing a minimum password lifetime helps to prevent repeated password changes to defeat the password reuse or history enforcement requirement. If users are allowed to immediately and continually change their password, then the password could be repeatedly changed in a short period of time to defeat the organization's policy regarding password reuse. |
STIG | Date |
---|---|
IBM z/OS RACF Security Technical Implementation Guide | 2020-06-29 |
Check Text ( C-96995r1_chk ) |
---|
From the ISPF Command Shell enter: SETRopts List If the PASSWORD(MINCHANGE) value shows PASSWORD MINIMUM CHANGE INTERVAL IS <1> DAYS, this is not a finding. |
Fix Text (F-103835r1_fix) |
---|
Configure PASSWORD(MINCHANGE) SETROPTS value number to "1". This specifies the number of days that must pass before a user can change their password. Evaluate the impact associated with implementation of the control option. Develop a plan of action to implement the control option as specified in the example below: The RACF Command SETR LIST will show the status of RACF Controls including PASSWORD MINCHANGE. Use the following command as an example command: SETROPTS PASSWORD(MINCHANGE(1)) |