STIGQter: STIG Summary: Mainframe Product Security Requirements Guide Version: 1 Release: 4 Benchmark Date: 24 Jan 2020:

The Mainframe Product must automatically remove or disable temporary user accounts after 72 hours.

DISA Rule

SV-82621r1_rule

Vulnerability Number

V-68131

Group Title

SRG-APP-000024-MFP-000036

Rule Version

SRG-APP-000024-MFP-000036

Severity

CAT II

CCI(s)

• CCI-000016 - The information system automatically removes or disables temporary accounts after an organization-defined time period for each type of account.

Weight

10

Fix Recommendation

Configure the Mainframe Product account management settings to automatically remove or disable temporary user accounts after 72 hours.

Check Contents

If the Mainframe Product employs an external security manager for all account management functions, this is not applicable.

Examine account management settings.

If temporary users are not removed or disabled after 72 hours, this is a finding.

Vulnerability Number

V-68131

Documentable

False

Rule Version

SRG-APP-000024-MFP-000036

Severity Override Guidance

If the Mainframe Product employs an external security manager for all account management functions, this is not applicable.

Examine account management settings.

If temporary users are not removed or disabled after 72 hours, this is a finding.

Check Content Reference

M

Target Key

3061

Comments