5.11 DB2CHGPWD_EEE Registry Variable

Information

The DB2CHGPWD_EEE registry variable specifies whether users are able to change passwords through Db2 in a partitioned database environment.

It is recommended to set this variable to NO.

Rationale:

If password management in the partitioned database environment is not centralized, then it could result in a situation where one partition has the updated password for a given user while the rest have the old password which is a security risk.

NOTE: Nessus has provided the target output to assist in reviewing the benchmark to ensure target compliance.

Solution

Run the following command to set the DB2CHGPWD_EEE registry variable to NO:

db2set DB2CHGPWD_EEE=NO

See Also

https://workbench.cisecurity.org/benchmarks/10752

Item Details

Category: ACCESS CONTROL

References: 800-53|AC-2(1), CSCv7|16.2

Plugin: Windows

Control ID: dd45a9e0ddc0a553d74c88f896d881ef0d8a1d892daf6389b04d22d24a922596