Navigate

Check: TSS0-ES-000160

IBM z/OS TSS STIG: TSS0-ES-000160 (in versions v8 r13 through v7 r1)

Title

The CA-TSS PPEXP Control Option must be properly set. (Cat II impact)

Discussion

Any password, no matter how complex, can eventually be cracked. Therefore, passwords need to be changed periodically. If the operating system does not limit the lifetime of passwords and force users to change their passwords, there is the risk that the operating system passwords could be compromised.

Check Content

From the ISPF Command Shell enter: TSS MODIFY STATUS If the PPEXP Control Option will conform to the following requirements, this is not a finding. PPEXP(60)

Fix Text

Configure the PPEXP Control Option value to conform to the following requirements. PPEXP(60) Example: TSS MODIFY PPEXP(60)

Additional Identifiers

Rule ID: SV-223889r877730_rule

Vulnerability ID: V-223889

Group Title: SRG-OS-000076-GPOS-00044

Expert Comments

Expert comments are only available to logged-in users.

CCIs

CCIs tied to check.

Number	Definition
CCI-000199	The information system enforces maximum password lifetime restrictions.

Controls

Controls tied to check. These are derived from the CCIs shown above.

Number	Title
IA-5 (1)	Password-Based Authentication