STIGQter STIGQter: STIG Summary: z/OS RACF STIG Version: 6 Release: 43 Benchmark Date: 24 Jan 2020: The PASSWORD(RULEn) SETROPTS value(s) must be properly set.

DISA Rule

SV-274r4_rule

Vulnerability Number

V-274

Group Title

RACF0460

Rule Version

RACF0460

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

The ISSO will evaluate the impact associated with implementation of the control option. Develop a plan of action to implement the control option as specified in the example below:

For z/OS release 1.13 and 1.14 PTF UA90720 must be applied.
For z/OS Release 2.1 PTF UA90721 must be applied.

The RACF Command SETR LIST will show the status of RACF Controls including PASSWORD SYNTAX RULEs.

Setting the password syntax to all Mixed Case Alphanumeric and Special Characters is activated with the commands:

setr password(mixedcase)
setr password(specialchars)
setr password(rule1(length(8) mixedall(1:8))

Check Contents

Refer to the following report produced by the RACF Data Collection:

- RACFCMDS.RPT(SETROPTS)

Automated Analysis
Refer to the following report produced by the RACF Data Collection:

- PDI(RACF0460)

If the following options are specified, this is not a finding.

___ Verify at least one PASSWORD(RULE) under "INSTALLATION PASSWORD SYNTAX RULES" is defined with the values shown below:

RULE 1 LENGTH(8) xxxxxxxx

___ Verify the following options are in effect under "PASSWORD PROCESSING OPTIONS":

“MIXED CASE PASSWORD SUPPORT IS IN EFFECT”
“SPECIAL CHARACTERS ARE ALLOWED.”

Vulnerability Number

V-274

Documentable

False

Rule Version

RACF0460

Severity Override Guidance

Refer to the following report produced by the RACF Data Collection:

- RACFCMDS.RPT(SETROPTS)

Automated Analysis
Refer to the following report produced by the RACF Data Collection:

- PDI(RACF0460)

If the following options are specified, this is not a finding.

___ Verify at least one PASSWORD(RULE) under "INSTALLATION PASSWORD SYNTAX RULES" is defined with the values shown below:

RULE 1 LENGTH(8) xxxxxxxx

___ Verify the following options are in effect under "PASSWORD PROCESSING OPTIONS":

“MIXED CASE PASSWORD SUPPORT IS IN EFFECT”
“SPECIAL CHARACTERS ARE ALLOWED.”

Check Content Reference

M

Target Key

197

Comments