Changes are coming to https://stigviewer.com.
Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey
The IBM z/VM JOURNALING LOGON parameter must be set for lockout after 3 attempts for 15 minutes.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-237900 | IBMZ-VM-000040 | SV-237900r858930_rule | Medium |
| Description |
|---|
| By limiting the number of failed logon attempts, the risk of unauthorized system access via user password guessing, otherwise known as brute-force attacks, is reduced. Limits are imposed by locking the account. |
| STIG | Date |
|---|---|
| IBM zVM Using CA VM:Secure Security Technical Implementation Guide | 2022-08-31 |
Details
| Check Text ( C-41110r858928_chk ) |
|---|
| Display the System Configuration File. If the "JOURNALING" statement is set to: Facility ON LOGON Lockout after three attempts for 15 minutes, this is not a finding. Note: Site may set Lockout value at 0, this will require system administrator action for reset. Issue "QUERY JOURNAL" command. If the response is as follows this is not a finding: Journal: LOGON-on |
| Fix Text (F-41069r858929_fix) |
|---|
| Configure the System Configuration "JOURNALING" statement to: Facility ON LOGON Lockout after 3 attempts for 15 minutes or 0 if system administrator action is desired. |