Navigate

Check: IBMZ-VM-000500

IBM zVM STIG: IBMZ-VM-000500 (in version v1 r0.1)

Title

The IBM z/VM CA VM:Secure product AUTOEXP record in the Security Config File must be properly set. (Cat II impact)

Discussion

Any password, no matter how complex, can eventually be cracked. Therefore, passwords need to be changed periodically. If the operating system does not limit the lifetime of passwords and force users to change their passwords, there is the risk that the operating system passwords could be compromised.

Check Content

Examine the “SECURITY” CONFIG file. If there is no “AUTOEXP” record, this is a finding. If the “AUTOEXP” record is configured as below, this is not finding. AUTOEXP 10 60

Fix Text

Include an “AUTOEXP” record in the “SECURITY CONFIG” file that is configured as follows: AUTOEXP 10 60

Additional Identifiers

Rule ID:

Vulnerability ID: IBMZ-VM-000500

Group Title:

Expert Comments

Expert comments are only available to logged-in users.

CCIs

CCIs tied to check.

Number	Definition
CCI-000199	The information system enforces maximum password lifetime restrictions.

Controls

Controls tied to check. These are derived from the CCIs shown above.

Number	Title
IA-5 (1)	Password-Based Authentication