Check: IBMZ-VM-000440
IBM zVM STIG:
IBMZ-VM-000440
(in version v1 r0.1)
Title
IBM z/VM must enforce 24 hours/1 day as the minimum password lifetime. (Cat II impact)
Discussion
Enforcing a minimum password lifetime helps to prevent repeated password changes to defeat the password reuse or history enforcement requirement. If users are allowed to immediately and continually change their password, then the password could be repeatedly changed in a short period of time to defeat the organization's policy regarding password reuse.
Check Content
If there is no VM:Secure PASSWORD user exit in use, this is a finding. Review the VM:Secure PASSWORD user exit. If there is no code that enforces 24 hours/1 day as the minimum password lifetime, this is a finding.
Fix Text
Configure a VM:Secure PASSWORD user exit that enforces 24 hours/1 day as the minimum password lifetime. Ensure that the following Macros are updated with proper PASSWORD user exit: FORCEPWC VMXCHGPW MAINT USE00080
Additional Identifiers
Rule ID:
Vulnerability ID: IBMZ-VM-000440
Group Title:
Expert Comments
CCIs
| Number | Definition |
|---|---|
| CCI-000198 |
The information system enforces minimum password lifetime restrictions. |
Controls
| Number | Title |
|---|---|
| IA-5 (1) |
Password-Based Authentication |