UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The Mainframe Product must store only cryptographically protected passwords.


Overview

Finding ID Version Rule ID IA Controls Severity
V-68385 SRG-APP-000171-MFP-000233 SV-82875r1_rule Medium
Description
Passwords need to be protected at all times and encryption is the standard method for protecting passwords. If passwords are not encrypted, they can be plainly read (i.e., clear text) and easily compromised. Applications must enforce password encryption when storing passwords.
STIG Date
Mainframe Product Security Requirements Guide 2019-10-08

Details

Check Text ( C-68915r1_chk )
If the Mainframe Product employs an external security manager (ESM) for all account management functions, this is not applicable.

Examine user account management configurations.

If the Mainframe Product account management configuration does not require that only cryptographically protected passwords are stored, this is a finding.
Fix Text (F-74499r1_fix)
Configure the Mainframe Product account management to store only cryptographically protected passwords.