STIGQter: STIG Summary: Mainframe Product Security Requirements Guide Version: 1 Release: 4 Benchmark Date: 24 Jan 2020:

The Mainframe Product must automatically lock the account until the locked account is released by an administrator when three unsuccessful logon attempts in 15 minutes are exceeded.

DISA Rule

SV-82667r1_rule

Vulnerability Number

V-68177

Group Title

SRG-APP-000345-MFP-000094

Rule Version

SRG-APP-000345-MFP-000094

Severity

CAT II

CCI(s)

CCI-002238 - The information system automatically locks the account or node for either an organization-defined time period, until the locked account or node is released by an administrator, or delays the next logon prompt according to the organization-defined delay algorithm when the maximum number of unsuccessful logon attempts is exceeded.

Weight

Fix Recommendation

Configure the Mainframe Product account management settings to automatically lock the account until the locked account is released by an administrator when three unsuccessful logon attempts in 15 minutes are exceeded.

Check Contents

If the Mainframe Product has no function or capability for user logon, this is not applicable.

If the Mainframe Product employs an external security manager for all account management functions, this is not applicable.

Examine Mainframe Product configuration settings.

Verify that the Mainframe Product account management setting automatically locks the account until the locked account is released by an administrator when three unsuccessful logon attempts in 15 minutes are exceeded. If it does not, this is a finding.

The Mainframe Product must automatically lock the account until the locked account is released by an administrator when three unsuccessful logon attempts in 15 minutes are exceeded.

DISA Rule

Vulnerability Number

Group Title

Rule Version

Severity

CCI(s)

Weight

Fix Recommendation

Check Contents

Vulnerability Number

Documentable

Rule Version

Severity Override Guidance

Check Content Reference

Target Key

Comments