STIGQter: STIG Summary: IBM Hardware Management Console (HMC) STIG Version: 1 Release: 5 Benchmark Date: 20 Jan 2015:

A maximum of 60-minute delay must be specified for the password retry after 3 failed attempts to enter your password

DISA Rule

SV-31588r2_rule

Vulnerability Number

V-25404

Group Title

HMC0135

Rule Version

HMC0135

Severity

CAT III

CCI(s)

• CCI-002238 - The information system automatically locks the account or node for either an organization-defined time period, until the locked account or node is released by an administrator, or delays the next logon prompt according to the organization-defined delay algorithm when the maximum number of unsuccessful logon attempts is exceeded.

Weight

10

Fix Recommendation

The System Administrator will display the User Properties window on the Hardware Management Console for each user and verify that the disable delay is set to 60 or more.

Maximum Failed Attempts and Disable Delay are found in User Profiles by selecting the user, selecting modify user and then selecting User Properties.

Check Contents

Have the System Administrator display the Disable delay in minutes.

Disable Delay is found in User Profiles by selecting the user, selecting modify user and then selecting User Properties.

If this is les than 60 minutes then this is a finding.

Note: Hardware Management Console does not have the ability to revoke a user ID, so a 60-minute delay has been imposed instead.

Vulnerability Number

V-25404

Documentable

False

Rule Version

HMC0135

Severity Override Guidance

Have the System Administrator display the Disable delay in minutes.

Disable Delay is found in User Profiles by selecting the user, selecting modify user and then selecting User Properties.

If this is les than 60 minutes then this is a finding.

Note: Hardware Management Console does not have the ability to revoke a user ID, so a 60-minute delay has been imposed instead.

Check Content Reference

M

Responsibility

Systems Programmer

Target Key

1891

Comments