STIGQter: STIG Summary: IBM Hardware Management Console (HMC) STIG Version: 1 Release: 5 Benchmark Date: 20 Jan 2015:

Maximum failed password attempts before disable delay must be set to 3 or less.

DISA Rule

SV-30027r2_rule

Vulnerability Number

V-24359

Group Title

HMC0130

Rule Version

HMC0130

Severity

CAT II

CCI(s)

• CCI-000044 - The information system enforces the organization-defined limit of consecutive invalid logon attempts by a user during the organization-defined time period.

Weight

10

Fix Recommendation

The System Administrator will display the User Properties window on the Hardware Management Console for each user and verify that the maximum attempts before disable delay is set to 3 or less and will update them if this is not true.

Maximum Failed Attempts and Disable Delay are found in User Profiles by selecting the user, selecting modify user and then selecting User Properties.

Check Contents

Have the System Administrator display the maximum failed attempts on the user properties table on the Hardware Management Console before disable delay is invoked.

Maximum Failed Attempts and Disable Delay are found in User Profiles by selecting the user, selecting modify user and then selecting User Properties.

If the Maximum failed attempts before disable delay is invoked is set at greater than 3, then this is a FINDING.

Vulnerability Number

V-24359

Documentable

False

Rule Version

HMC0130

Severity Override Guidance

Have the System Administrator display the maximum failed attempts on the user properties table on the Hardware Management Console before disable delay is invoked.

Maximum Failed Attempts and Disable Delay are found in User Profiles by selecting the user, selecting modify user and then selecting User Properties.

If the Maximum failed attempts before disable delay is invoked is set at greater than 3, then this is a FINDING.

Check Content Reference

M

Responsibility

Systems Programmer

Target Key

1891

Comments