STIGQter STIGQter: STIG Summary: IBM z/OS RACF Security Technical Implementation Guide Version: 8 Release: 3 Benchmark Date: 23 Apr 2021:

The IBM RACF SETROPTS PASSWORD(MINCHANGE) value must be set to 1.

DISA Rule

SV-223726r604139_rule

Vulnerability Number

V-223726

Group Title

SRG-OS-000075-GPOS-00043

Rule Version

RACF-ES-000790

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Configure PASSWORD(MINCHANGE) SETROPTS value number to "1". This specifies the number of days that must pass before a user can change their password.

Evaluate the impact associated with implementation of the control option. Develop a plan of action to implement the control option as specified in the example below:

The RACF Command SETR LIST will show the status of RACF Controls including PASSWORD MINCHANGE. Use the following command as an example command:
SETROPTS PASSWORD(MINCHANGE(1))

Check Contents

From the ISPF Command Shell enter:
SETRopts List

If the PASSWORD(MINCHANGE) value shows PASSWORD MINIMUM CHANGE INTERVAL IS <1> DAYS, this is not a finding.

Vulnerability Number

V-223726

Documentable

False

Rule Version

RACF-ES-000790

Severity Override Guidance

From the ISPF Command Shell enter:
SETRopts List

If the PASSWORD(MINCHANGE) value shows PASSWORD MINIMUM CHANGE INTERVAL IS <1> DAYS, this is not a finding.

Check Content Reference

M

Target Key

4101

Comments