CA-ACF2 must prevent the use of dictionary words for passwords.
Severity | Group ID | Group Title | Version | Rule ID | Date | STIG Version |
|---|---|---|---|---|---|---|
| medium | V-223477 | SRG-OS-000480-GPOS-00225 | ACF2-ES-000590 | SV-223477r1001097_rule | 2026-03-09 | 9 |
Description
If the operating system allows the user to select passwords based on dictionary words, then this increases the chances of password compromise by increasing the opportunity for successful guesses and brute-force attacks.
ℹ️ Check
From the ISPF Command Shell enter:
ACF to enter ACF2 Command shell
enter SHOW STATE
If "PSWDRSV = NO", this is a finding.
If "PSWDRSVW = NO", this is a finding.
SHOW PSwdopts
Reserved Words and Prefixes
APPL APR ASDF AUG BASIC
CADAM DEC DEMO FEB FOCUS
GAME IBM JAN JUL JUN
LOG MAR MAY NET NEW
NOV OCT PASS ROS SEP
SIGN SYS TEST TSO VALID
VTAM XXX 1234
✔️ Fix
Configure the GSO record to include PSWDRSV and PSWDRSVW.