IBM Hardware Management Console (HMC) STIG Version Comparison

There are 4 differences between versions v1 r5 (Jan. 20, 2015) (the "left" version) and v2 r1 (July 24, 2024) (the "right" version).

Check HMC0110 was changed between these two versions. Green, underlined text was added, red, struck-out text was removed.

The regular view of the left check and right check may be easier to read.

Title

The PASSWORD History Count value must be set to 10 or greater.

Check Content

Have the System system Administrator administrator (SA) display the Password Profile Task window on the Hardware Management Console and validate that the History Count is set to 10. If the History Count is less than 10, then this is a FINDING. . finding.

Discussion

History Count specifies the number of previous passwords saved for each USERID and compares it with an intended new password. If there is a match with one of the previous passwords, or with the current password, it will reject the intended new password. The improper setting of any of these fields, individually or in combination with another, can compromise the security of the processing environment.

Fix

Have the SA System Administrator go into the Password Profile and set the History Count to 10 or greater.