Check: IBMZ-VM-000390
IBM zVM STIG:
IBMZ-VM-000390
(in version v1 r0.1)
Title
IBM z/VM must enforce password complexity by requiring that at least one numeric character be used. (Cat II impact)
Discussion
Use of a complex password helps to increase the time and resources required to compromise the password. Password complexity, or strength, is a measure of the effectiveness of a password in resisting attempts at guessing and brute-force attacks. Password complexity is one factor of several that determines how long it takes to crack a password. The more complex the password, the greater the number of possible combinations that need to be tested before the password is compromised.
Check Content
If there is no VM:Secure PASSWORD user exit in use, this is a finding. Review the VM:Secure PASSWORD user exit. If there is no code that enforces a minimum that at least one numeric character is used in the new password, this is a finding.
Fix Text
Configure a VM:Secure PASSWORD user exit that enforces at least one numeric in the new Password. Ensure that the following Macros are updated with proper PASSWORD user exit: FORCEPWC VMXCHGPW MAINT USE00080
Additional Identifiers
Rule ID:
Vulnerability ID: IBMZ-VM-000390
Group Title:
Expert Comments
CCIs
Number | Definition |
---|---|
CCI-000194 |
The information system enforces password complexity by the minimum number of numeric characters used. |
Controls
Number | Title |
---|---|
IA-5 (1) |
Password-Based Authentication |