The IBM z/VM JOURNALING statement must be properly configured.

An XCCDF Rule

Details
Profiles
Prose

Description

<VulnDiscussion>By limiting the number of failed logon attempts, the risk of unauthorized system access via user password guessing, otherwise known as brute-forcing, is reduced. Limits are imposed by locking the account.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>

ID: SV-237944r859014_rule
Severity: Medium
References: CCI-002268
Updated: about 1 year ago

Configure the system config "JOURNALING" statement to include the following:

Logon,
Account after 3 attempts,
See IBMZ-VM-000040 for LOCKOUT setting.
Link,
Account after 3 attempts,
Disable after 3 attempts

The IBM z/VM JOURNALING statement must be properly configured.

Description

Remediation - Manual Procedure