STIGQter: STIG Summary: IBM Hardware Management Console (HMC) STIG Version: 1 Release: 5 Benchmark Date: 20 Jan 2015:

The password values must be set to meet the requirements in accordance with DoDI 8500.2 for DoD information systems processing sensitive information and above, and CJCSI 6510.01E (INFORMATION ASSURANCE (IA) AND COMPUTER NETWORK DEFENSE (CND)).

DISA Rule

SV-30028r2_rule

Vulnerability Number

V-24360

Group Title

HMC0140

Rule Version

HMC0140

Severity

CAT II

CCI(s)

• CCI-000192 - The information system enforces password complexity by the minimum number of upper case characters used.
• CCI-000193 - The information system enforces password complexity by the minimum number of lower case characters used.
• CCI-000194 - The information system enforces password complexity by the minimum number of numeric characters used.
• CCI-000195 - The information system, for password-based authentication, when new passwords are created, enforces that at least an organization-defined number of characters are changed.
• CCI-000205 - The information system enforces minimum password length.
• CCI-001619 - The information system enforces password complexity by the minimum number of special characters used.

Weight

10

Fix Recommendation

Have the System Administrator validate that the settings in the Password Profiles Window meet the following specifications:

Passwords are a minimum of fourteen (14) characters in length.

Passwords are to be a mix of upper and lower-case alphabetic, numeric, and special characters, including at least one of each. Special characters include the national characters (i.e., @, #, and $) and other non-alphabetic and non-numeric characters typically found on a keyboard.

Each character of the password is to be unique, prohibiting the use of repeating characters.

Passwords are to contain no consecutive characters (e.g., 12, AB, etc.).

Check Contents

Have the System Administrator display the Password Profile Task window on the Hardware Management Console and check that:

Passwords are to be a minimum of fourteen (14) characters in length.

Passwords are to be a mix of upper- and lower-case alphabetic, numeric, and special characters, including at least one of each. Special characters include the national characters (i.e., @, #, and $) and other non-alphabetic and non-numeric characters typically found on a keyboard.

Each character of the password is to be unique, prohibiting the use of repeating characters.

Passwords are to contain no consecutive characters (e.g., 12, AB, etc.).

If the Password Profile does not have the specifications for the above options then this is a FINDING.

Vulnerability Number

V-24360

Documentable

False

Rule Version

HMC0140

Severity Override Guidance

Have the System Administrator display the Password Profile Task window on the Hardware Management Console and check that:

Passwords are to be a minimum of fourteen (14) characters in length.

Passwords are to be a mix of upper- and lower-case alphabetic, numeric, and special characters, including at least one of each. Special characters include the national characters (i.e., @, #, and $) and other non-alphabetic and non-numeric characters typically found on a keyboard.

Each character of the password is to be unique, prohibiting the use of repeating characters.

Passwords are to contain no consecutive characters (e.g., 12, AB, etc.).

If the Password Profile does not have the specifications for the above options then this is a FINDING.

Check Content Reference

M

Responsibility

Systems Programmer

Target Key

1891

Comments