STIGQter: STIG Summary: IBM Hardware Management Console (HMC) STIG Version: 1 Release: 5 Benchmark Date: 20 Jan 2015:

The PASSWORD expiration day(s) value must be set to equal or less then 60 days.

DISA Rule

SV-30026r2_rule

Vulnerability Number

V-24358

Group Title

HMC0120

Rule Version

HMC0120

Severity

CAT II

CCI(s)

• CCI-000199 - The information system enforces maximum password lifetime restrictions.

Weight

10

Fix Recommendation

Have the System Administrator go into the Password Profile and set the Expiration day(s) to equal or less then 60 days.

Check Contents

Have the System Administrator display the Password Profile Task window on the Hardware Management Console and validate that the Expiration day(s) is set to equal or less then 60 days.

If the Expiration day(s) is set to equal or less then 60 days, this is not a FINDING.

If the Expiration day(s) is greater than 60 days, then this is a FINDING.

Vulnerability Number

V-24358

Documentable

False

Rule Version

HMC0120

Severity Override Guidance

Have the System Administrator display the Password Profile Task window on the Hardware Management Console and validate that the Expiration day(s) is set to equal or less then 60 days.

If the Expiration day(s) is set to equal or less then 60 days, this is not a FINDING.

If the Expiration day(s) is greater than 60 days, then this is a FINDING.

Check Content Reference

M

Responsibility

Systems Programmer

Target Key

1891

Comments