UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The IBM RACF SETROPTS PASSWORD(MINCHANGE) value must be set to 1.


Overview

Finding ID Version Rule ID IA Controls Severity
V-98159 RACF-ES-000790 SV-107263r1_rule Medium
Description
Enforcing a minimum password lifetime helps to prevent repeated password changes to defeat the password reuse or history enforcement requirement. If users are allowed to immediately and continually change their password, then the password could be repeatedly changed in a short period of time to defeat the organization's policy regarding password reuse.
STIG Date
IBM z/OS RACF Security Technical Implementation Guide 2020-06-29

Details

Check Text ( C-96995r1_chk )
From the ISPF Command Shell enter:
SETRopts List

If the PASSWORD(MINCHANGE) value shows PASSWORD MINIMUM CHANGE INTERVAL IS <1> DAYS, this is not a finding.
Fix Text (F-103835r1_fix)
Configure PASSWORD(MINCHANGE) SETROPTS value number to "1". This specifies the number of days that must pass before a user can change their password.

Evaluate the impact associated with implementation of the control option. Develop a plan of action to implement the control option as specified in the example below:

The RACF Command SETR LIST will show the status of RACF Controls including PASSWORD MINCHANGE. Use the following command as an example command:
SETROPTS PASSWORD(MINCHANGE(1))