IBM RACF PASSWORD(RULEn) SETROPTS value(s) must be properly set.

An XCCDF Rule

Description

The shorter the password, the lower the number of possible combinations that need to be tested before the password is compromised. Password complexity, or strength, is a measure of the effectiveness of a password in resisting attempts at guessing and brute-force attacks. Password length is one factor of several that helps to determine strength and how long it takes to crack a password. Use of more characters in a password helps to exponentially increase the time and/or resources required to compromise the password. Satisfies: SRG-OS-000069-GPOS-00037, SRG-OS-000078-GPOS-00046

ID: SV-223724r998347_rule
Version: RACF-ES-000770
Severity: Medium
References: CCI-004065 CCI-004066
Updated: about 2 months ago

Remediation Templates

Evaluate the impact associated with implementation of the control option. Develop a plan of action to implement the control option as specified in the example below:

For z/OS release 1.13 and 1.14 PTF UA90720 must be applied.
For z/OS Release 2.1 PTF UA90721 must be applied.

The RACF Command SETR LIST will show the status of RACF Controls including PASSWORD SYNTAX RULEs.
Setting the password syntax to all Mixed Case Alphanumeric and Special Characters is activated with the commands:

setr password(mixedcase)
setr password(specialchars)
setr password(rulen(length(8) mixedall(1:8))

IBM RACF PASSWORD(RULEn) SETROPTS value(s) must be properly set.

Description

Remediation Templates

A Manual Procedure