Title

IBM z/VM must enforce password complexity by requiring that at least one upper-case character be used. (Cat II impact)

Discussion

Use of a complex password helps to increase the time and resources required to compromise the password. Password complexity, or strength, is a measure of the effectiveness of a password in resisting attempts at guessing and brute-force attacks. Password complexity is one factor of several that determines how long it takes to crack a password. The more complex the password, the greater the number of possible combinations that need to be tested before the password is compromised.

Check Content

If there is no VM:Secure PASSWORD user exit in use, this is a finding. Review the VM:Secure PASSWORD user exit. If there is no code that enforces a minimum that at least one uppercase character is used in the new password, this is a finding.

Fix Text

Configure a VM:Secure PASSWORD user exit that enforces at least one upper case in the new Password. Ensure that the following Macros are updated with proper PASSWORD user exit: FORCEPWC VMXCHGPW MAINT USE00080

Additional Identifiers

Rule ID:

Vulnerability ID: IBMZ-VM-000370

Group Title:

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.