Check: RACF-ES-000860
IBM z/OS RACF STIG:
RACF-ES-000860
(in versions v8 r14 through v8 r11)
Title
IBM Passtickets must be configured to be KeyEncrypted. (Cat II impact)
Discussion
Passwords such as IBM Passtickets need to be protected at all times, and encryption is the standard method for protecting such passwords. If passwords are not encrypted, they may be plainly read (i.e., clear text) and easily compromised.
Check Content
From the ISPF Command Shell enter: RList PTKTDATA * SSIGNON NORACF If any profile is not defined as KEYENCRYPTED, this is a finding.
Fix Text
Ensure that all Passticket profiles are configured to be KeyEncrypted.
Additional Identifiers
Rule ID: SV-257135r904403_rule
Vulnerability ID: V-257135
Group Title: SRG-OS-000073-GPOS-00041
Expert Comments
Expert comments are only available to logged-in users.
CCIs
CCIs tied to check.
| Number | Definition |
|---|---|
| CCI-000196 |
The information system, for password-based authentication, stores only cryptographically-protected passwords. |
Controls
Controls tied to check. These are derived from the CCIs shown above.
| Number | Title |
|---|---|
| IA-5 (1) |
Password-Based Authentication |