IBM System i Security Reference for V7R3

Audit Details

Name: IBM System i Security Reference for V7R3

Updated: 6/17/2024

Authority: IBM

Plugin: AS/400

Revision: 1.16

Estimated Item Count: 47

File Details

Filename: IBM_v7_r3_iseries_security_reference.audit

Size: 51.6 kB

MD5: 605b32c0013895c70e7a7391c36fbc58
SHA256: 9d4fb9f3cac9485f63c1b608c94c269e71ba9ff7134bc952338ea400398fac1e

Audit Items

DescriptionCategories
IBM i : Action When Sign-On Attempts Reached (QMAXSGNACN) - '3'

ACCESS CONTROL

IBM i : Allow Restoring of Security-Sensitive Objects (QALWOBJRST) - '*NONE'

ACCESS CONTROL

IBM i : Allow User Domain Objects (QALWUSRDMN) - '*ALL'

ACCESS CONTROL

IBM i : Auditing Control (QAUDCTL) - '!= *NONE'

AUDIT AND ACCOUNTABILITY

IBM i : Auditing End Action (QAUDENDACN) - '*NOTIFY or *PWRDWNSYS'

AUDIT AND ACCOUNTABILITY

IBM i : Auditing for New Objects (QCRTOBJAUD) - '*CHANGE'

AUDIT AND ACCOUNTABILITY

IBM i : Auditing Force Level (QAUDFRCLVL) - '*SYS'

AUDIT AND ACCOUNTABILITY

IBM i : Auditing Level (QAUDLVL) - '*SECURITY'

AUDIT AND ACCOUNTABILITY

IBM i : Auditing Level (QAUDLVL2) - '*SECURITY'

AUDIT AND ACCOUNTABILITY

IBM i : Authority for New Objects (QCRTAUT) - '*CHANGE'

ACCESS CONTROL

IBM i : Automatic Configuration of Virtual Devices (QAUTOVRT) - '0'

SYSTEM AND COMMUNICATIONS PROTECTION

IBM i : Automatic Device Configuration (QAUTOCFG) - '0'

CONFIGURATION MANAGEMENT

IBM i : Block Password Change (QPWDCHGBLK) - '>=48'

IDENTIFICATION AND AUTHENTICATION

IBM i : Character Position Difference for Passwords (QPWDPOSDIF) - '0'

IDENTIFICATION AND AUTHENTICATION

IBM i : Device Recovery Action (QDEVRCYACN) - '*DSCMSG'

CONFIGURATION MANAGEMENT

IBM i : Disconnected Job Time-Out Interval (QDSCJOBITV) - '<=120'

ACCESS CONTROL

IBM i : Display Sign-On Information (QDSPSGNINF) - '1'

ACCESS CONTROL

IBM i : Force Conversion on Restore (QFRCCVNRST) - '>=3'

CONFIGURATION MANAGEMENT

IBM i : Inactive Job Time-Out Interval (QINACTITV) - '60'

ACCESS CONTROL

IBM i : Inactive Job Time-Out Message Queue (QINACTMSGQ) - '*DSCJOB'

ACCESS CONTROL

IBM i : Limit Device Sessions (QLMTDEVSSN) - '1'

ACCESS CONTROL

IBM i : Limit Security Officer (QLMTSECOFR) - '1'

ACCESS CONTROL

IBM i : Maximum Length of Passwords (QPWDMAXLEN) - '>=8'

IDENTIFICATION AND AUTHENTICATION

IBM i : Maximum Sign-On Attempts (QMAXSIGN) - '<=3'

ACCESS CONTROL

IBM i : Minimum Length of Passwords (QPWDMINLEN) - '>=7'

IDENTIFICATION AND AUTHENTICATION

IBM i : Password Approval Program (QPWDVLDPGM) - '*NONE'

IDENTIFICATION AND AUTHENTICATION

IBM i : Password Expiration Interval (QPWDEXPITV) - '30 to 90'

IDENTIFICATION AND AUTHENTICATION

IBM i : Password Expiration Warning (QPWDEXPWRN) - '<=14'

IDENTIFICATION AND AUTHENTICATION

IBM i : Password Level (QPWDLVL) - '>=0'

IDENTIFICATION AND AUTHENTICATION

IBM i : Password Rules (QPWDRULES) - '*PWDSYSVAL'

IDENTIFICATION AND AUTHENTICATION

IBM i : Remote power-on and restart (QRMTIPL) - '0'

ACCESS CONTROL

IBM i : Remote Service Attribute (QRMTSRVATR) - '0'

CONFIGURATION MANAGEMENT

IBM i : Remote Sign-On Control (QRMTSIGN) - '*REJECT'

IDENTIFICATION AND AUTHENTICATION

IBM i : Required Difference in Passwords (QPWDRQDDIF) - '<=5'

IDENTIFICATION AND AUTHENTICATION

IBM i : Requirement for Numeric Character in Passwords (QPWDRQDDGT) - '1'

IDENTIFICATION AND AUTHENTICATION

IBM i : Restricted Characters for Passwords (QPWDLMTCHR)

IDENTIFICATION AND AUTHENTICATION

IBM i : Restriction of Consecutive Digits for Passwords (QPWDLMTAJC) - '0'

IDENTIFICATION AND AUTHENTICATION

IBM i : Restriction of Repeated Characters for Passwords (QPWDLMTREP) - '1'

IDENTIFICATION AND AUTHENTICATION

IBM i : Retain Server Security (QRETSVRSEC) - '1'

IDENTIFICATION AND AUTHENTICATION

IBM i : Scan File Systems (QSCANFS) - '*ROOTOPNUD'

CONFIGURATION MANAGEMENT

IBM i : Scan File Systems Control (QSCANFSCTL)- '*NONE'

CONFIGURATION MANAGEMENT

IBM i : Secure Sockets Layer (SSL) cipher control (QSSLCSLCTL) - '*OPSYS'

SYSTEM AND COMMUNICATIONS PROTECTION

IBM i : Secure Sockets Layer (SSL) cipher specification list (QSSLCSL)

SYSTEM AND COMMUNICATIONS PROTECTION

IBM i : Secure Sockets Layer (SSL) protocols (QSSLPCL) - '*OPSYS'

SYSTEM AND COMMUNICATIONS PROTECTION

IBM i : Share Memory Control (QSHRMEMCTL) - '1'

SYSTEM AND INFORMATION INTEGRITY

IBM i : Use Adopted Authority (QUSEADPAUT) - AUTH_LIST_NAME

ACCESS CONTROL

IBM i : Verify Object on Restore (QVFYOBJRST) - '3'

SYSTEM AND INFORMATION INTEGRITY