Skip to content

IBM interactive USERIDs defined to RACF must have the required fields completed.

An XCCDF Rule

Description

<VulnDiscussion>Interactive users are considered to be users of CICS, IMS, TSO/E, NetView, or other products that support logging on at a terminal. Improper assignments of attributes in the LOGONID record for interactive users may allow users excessive privileges resulting in unauthorized access.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>

ID
SV-223718r958482_rule
Severity
Medium
References
Updated



Remediation - Manual Procedure

Review all interactive USERID definitions to ensure required information is provided. Evaluate the impact of correcting any deficiencies. Develop a plan of action and implement the required changes.

The PASSWORD-INTERVAL for an interactive user must be set to 60 days.

Note: FTP only process and server to server userids may have PASSWORD(NOINTERVAL) specified. These users must be identified in the FTPUSERS group in the Dialog Process or FTP in the name field. Additionally, these users must change their passwords on an annual basis or less.