STIGQter: STIG Summary: IBM z/OS ACF2 Security Technical Implementation Guide Version: 8 Release: 2 Benchmark Date: 23 Apr 2021:

CA-ACF2 PWPHRASE GSO record must be properly defined.

DISA Rule

SV-223499r695422_rule

Vulnerability Number

V-223499

Group Title

SRG-OS-000266-GPOS-00101

Rule Version

ACF2-ES-000810

Severity

CAT II

CCI(s)

• CCI-001619 - The information system enforces password complexity by the minimum number of special characters used.

Weight

10

Fix Recommendation

Configure the PWPHRASE GSO values to be set to the values specified.

Ensure the GSO PWPHRASE record values conform to the following requirements:

ALPHA(1 or greater)
HISTORY(10-32)
MAXDAYS(1-60)
MINDAYS(1)
MINLEN(15-100)
NUMERIC(1 or greater)
SPECIAL(1 or greater)
SPECLIST(character list)
WARNDAYS(1-10)

Note: The SPECLIST special characters will be specified at a minimum. Characters will conform to the allowable list defined in CA ACF2 for z/OS Administration Guide.

Example:
SET C(GSO)
INSERT PWPHRASE NOALLOW ALPHA(1) HISTORY(10) MAXDAYS(60) MINDAYS(1) MINLEN(15) NUMERIC(1) SPECIAL(1) SPECLIST(& * =) WARNDAYS(10)

F ACF2,REFRESH(PWPHRASE)

Check Contents

From the ISPF Command Screen enter:
ACF
SET CONTROL(GSO)
LIST PWPHRASE
If the following options are in effect, this is not a finding.

If any of the options deviate from the following, this is a finding.

The GSO PWPHRASE record will conform to the following requirements.

ALPHA(1 or greater)
HISTORY(10-32)
MAXDAYS(1-60)
MINDAYS(1)
MINLEN(15-100)
NUMERIC(1 or greater)
SPECIAL(1 or greater)
SPECLIST(character list)
WARNDAYS(1-10)

Note: The SPECLIST special characters will be specified at a minimum. Characters will conform to the allowable list defined in CA ACF2 for z/OS Administration Guide.

Vulnerability Number

V-223499

Documentable

False

Rule Version

ACF2-ES-000810

Severity Override Guidance

From the ISPF Command Screen enter:
ACF
SET CONTROL(GSO)
LIST PWPHRASE
If the following options are in effect, this is not a finding.

If any of the options deviate from the following, this is a finding.

The GSO PWPHRASE record will conform to the following requirements.

ALPHA(1 or greater)
HISTORY(10-32)
MAXDAYS(1-60)
MINDAYS(1)
MINLEN(15-100)
NUMERIC(1 or greater)
SPECIAL(1 or greater)
SPECLIST(character list)
WARNDAYS(1-10)

Note: The SPECLIST special characters will be specified at a minimum. Characters will conform to the allowable list defined in CA ACF2 for z/OS Administration Guide.

Check Content Reference

M

Target Key

4100

Comments