An error occurred:

Check: HMC0110

IBM Hardware Management Console (HMC) STIG: HMC0110 (in version v1 r5)

Title

The PASSWORD History Count value must be set to 10 or greater. (Cat II impact)

Discussion

History Count specifies the number of previous passwords saved for each USERID and compares it with an intended new password. If there is a match with one of the previous passwords, or with the current password, it will reject the intended new password. The improper setting of any of these fields, individually or in combination with another, can compromise the security of the processing environment.

Check Content

Have the System Administrator display the Password Profile Task window on the Hardware Management Console and validate that the History Count is set to 10. If the History Count is less than 10, then this is a FINDING. .

Fix Text

Have the System Administrator go into the Password Profile and set the History Count to 10 or greater.

Additional Identifiers

Rule ID: SV-30024r2_rule

Vulnerability ID: V-24356

Group Title: HMC0110

Expert Comments

Expert comments are only available to logged-in users.

CCIs

CCIs tied to check.
Number Definition
CCI-000200

The information system prohibits password reuse for the organization-defined number of generations.

Controls

Controls tied to check. These are derived from the CCIs shown above.
Number Title
IA-5 (1)

Password-Based Authentication