IBM z/OS TSS STIG Version Comparison
IBM z/OS TSS Security Technical Implementation Guide
Comparison
There are 9 differences between versions v9 r2 (Oct. 24, 2024) (the "left" version) and v9 r4 (April 2, 2025) (the "right" version).
Check TSS0-ES-000070 was removed from the benchmark in the "right" version. The text below reflects the old wording.
This check's original form is available here.
Text Differences
Title
The CA-TSS NPPTHRESH Control Option must be properly set.
Check Content
From the ISPF Command Shell enter: TSS MODIFY STATUS If the PTHRESH Control Option value is not set to NPPTHRESH(02), this is a finding.
Discussion
By limiting the number of failed logon attempts, the risk of unauthorized system access via user password guessing, otherwise known as brute-force attacks, is reduced. Limits are imposed by locking the account.
Fix
Evaluate the impact associated with implementation of the control option. Develop a plan of action to implement the control option setting as specified following and proceed with the change. NPPTHRESH(02)