The CA-ACF2 PSWD GSO record values for MAXTRY and PASSLMT must be properly set.
Severity | Group ID | Group Title | Version | Rule ID | Date | STIG Version |
|---|---|---|---|---|---|---|
| medium | V-223462 | SRG-OS-000329-GPOS-00128 | ACF2-ES-000430 | SV-223462r958736_rule | 2025-03-11 | 9 |
| Description |
|---|
| By limiting the number of failed logon attempts, the risk of unauthorized system access via user password guessing, otherwise known as brute-forcing, is reduced. Limits are imposed by locking the account. |
| ℹ️ Check |
|---|
| From an ACF command screen enter: SET CONTROL(GSO) SHOW PSwdopts If "MAXTRY" is set to "3", this is not a finding. If "PASSLMT" is set to "3", this is not a finding. |
| ✔️ Fix |
|---|
| Configure the GSO option "MAXTRY" to equal "3". Configure the GSO option "PASSLMT" to equal "3". |