Check: IBMZ-VM-000510
IBM zVM STIG:
IBMZ-VM-000510
(in version v1 r0.1)
Title
The IBM z/VM CA VM:Secure product Password user exit must be coded with the PWLIST option properly set. (Cat II impact)
Discussion
Password complexity, or strength, is a measure of the effectiveness of a password in resisting attempts at guessing and brute-force attacks. If the information system or application allows the user to consecutively reuse their password when that password has exceeded its defined lifetime, the end result is a password that is not changed as per policy requirements.
Check Content
If there is no CA VM:Secure Product Password exit in use, this is a finding. Examine the CA VM:Secure product Password user exit user exit for requirement that uses a “PWLIST” option that prohibits password reuse for five generations. If this code is missing, this is a finding.
Fix Text
Engineer code in the CA VM:Secure Product Password exit that uses a “PWLIST” that prohibits password reuse for five generations.
Additional Identifiers
Rule ID:
Vulnerability ID: IBMZ-VM-000510
Group Title:
Expert Comments
CCIs
| Number | Definition |
|---|---|
| CCI-000200 |
The information system prohibits password reuse for the organization-defined number of generations. |
Controls
| Number | Title |
|---|---|
| IA-5 (1) |
Password-Based Authentication |