CA-ACF2 must prevent the use of dictionary words for passwords.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
| V-223477 | ACF2-ES-000590 | SV-223477r1001097_rule | CCI-004061 | medium |
| Description | ||||
| If the operating system allows the user to select passwords based on dictionary words, then this increases the chances of password compromise by increasing the opportunity for successful guesses and brute-force attacks. | ||||
| STIG | Date | |||
| IBM z/OS ACF2 Security Technical Implementation Guide | 2025-06-24 | |||
Details
Check Text (C-223477r1001097_chk)
From the ISPF Command Shell enter:
ACF to enter ACF2 Command shell
enter SHOW STATE
If "PSWDRSV = NO", this is a finding.
If "PSWDRSVW = NO", this is a finding.
SHOW PSwdopts
Reserved Words and Prefixes
APPL APR ASDF AUG BASIC
CADAM DEC DEMO FEB FOCUS
GAME IBM JAN JUL JUN
LOG MAR MAY NET NEW
NOV OCT PASS ROS SEP
SIGN SYS TEST TSO VALID
VTAM XXX 1234
Fix Text (F-25138r500564_fix)
Configure the GSO record to include PSWDRSV and PSWDRSVW.