STIGQter: STIG Summary: Mainframe Product Security Requirements Guide Version: 1 Release: 4 Benchmark Date: 24 Jan 2020:

The Mainframe Product must automatically disable accounts after 35 days of account inactivity.

DISA Rule

SV-82625r1_rule

Vulnerability Number

V-68135

Group Title

SRG-APP-000025-MFP-000038

Rule Version

SRG-APP-000025-MFP-000038

Severity

CAT II

CCI(s)

• CCI-000017 - The information system automatically disables inactive accounts after an organization-defined time period.

Weight

10

Fix Recommendation

Configure the Mainframe Product account management settings to automatically disable accounts after 35 days of account inactivity.

Check Contents

If the Mainframe Product employs an external security manager for all account management functions, this is not applicable.

Examine account management settings.

If the Mainframe Product automatically disables accounts after 35 days of inactivity, this is not a finding.

Vulnerability Number

V-68135

Documentable

False

Rule Version

SRG-APP-000025-MFP-000038

Severity Override Guidance

If the Mainframe Product employs an external security manager for all account management functions, this is not applicable.

Examine account management settings.

If the Mainframe Product automatically disables accounts after 35 days of inactivity, this is not a finding.

Check Content Reference

M

Target Key

3061

Comments