STIGQter: STIG Summary: IBM z/OS ACF2 Security Technical Implementation Guide Version: 8 Release: 2 Benchmark Date: 23 Apr 2021:

The operating system must enforce a minimum 8-character password length.

DISA Rule

SV-223516r695451_rule

Vulnerability Number

V-223516

Group Title

SRG-OS-000481-GPOS-000481

Rule Version

ACF2-ES-000990

Severity

CAT II

CCI(s)

• CCI-000205 - The information system enforces minimum password length.

Weight

10

Fix Recommendation

Configure the Password option "MINPSWD" to "8".

Check Contents

From an ACF command screen enter:
SET CONTROL(GSO)
LIST PSWD

If "MINPSWD" is set to "8", this is not a finding.

Vulnerability Number

V-223516

Documentable

False

Rule Version

ACF2-ES-000990

Severity Override Guidance

From an ACF command screen enter:
SET CONTROL(GSO)
LIST PSWD

If "MINPSWD" is set to "8", this is not a finding.

Check Content Reference

M

Target Key

4100

Comments