Check: IBMZ-VM-001020
IBM zVM STIG:
IBMZ-VM-001020
(in version v1 r0.1)
Title
The IBM z/VM JOURNALING statement must be properly configured. (Cat II impact)
Discussion
By limiting the number of failed logon attempts, the risk of unauthorized system access via user password guessing, otherwise known as brute-forcing, is reduced. Limits are imposed by locking the account.
Check Content
View system config “JOURNALING” statement. If the “JOURNALING” statement “LOGON” operand is configured as below, this is not a finding. Logon, Account after 3 attempts, Lockout after 3 attempts for 0 Link, Account after 3 attempts, Disable after 3 attempts
Fix Text
Configure the system config “JOURNALING” statement to include the following: Logon, Account after 3 attempts, Lockout after 3 attempts for 0 Link, Account after 3 attempts, Disable after 3 attempts
Additional Identifiers
Rule ID:
Vulnerability ID: IBMZ-VM-001020
Group Title:
Expert Comments
CCIs
| Number | Definition |
|---|---|
| CCI-002238 |
The information system automatically locks the account or node for either an organization-defined time period, until the locked account or node is released by an administrator, or delays the next logon prompt according to the organization-defined delay algorithm when the maximum number of unsuccessful logon attempts is exceeded. |
Controls
| Number | Title |
|---|---|
| AC-7 |
Unsuccessful Logon Attempts |