Run the Security System Values report to determine the current settings for security system values on your system. Compare the system values with the recommended values in the chart below. Click on the link in the system value name to learn more about its meaning.
Recommended System Values

| System Value | Description | Audit Importance | COBIT 4.0 | ISO27002 | PCI | PowerTech |
|---|---|---|---|---|---|---|
| | System Security Level | HIGH | | | 40 or 50 | |
| | Time-out Period for Inactive Jobs | HIGH | | 30 = 30 Minutes | | |
| | Action/Message Queue for Inactive Jobs | LOW | | *DSCJOB - or - a monitored message queue name | | |
| | Period before disconnected jobs end | MEDIUM | | | 180 Minutes | |
| | Display Sign-on Information | MEDIUM | | 1 = Display Sign On information | | |
| | No. of unsuccessful login attempts allowed for this account | HIGH | 5 | | | |
| | Action after number of signon attempts exceeds the max | HIGH | 2 = Disable Profile | | | |
| | Create Default Public Authority | HIGH | | | *USE, then control at Library Level | |
| | Use Adopted Authority Authorization List | LOW | | An authorization list | | |
| | Which libraries on the system may contain User Domain Objects | MEDIUM | | The values *ALL or *DIR are not recommended | | |
| | Allow Restore of Security-Sensitive Objects | HIGH | | *None and toggle to *ALWPGMADP or *ALWPTF when necessary | | |
| | Shared Memory Control | LOW | | | | 1 = Allow |
| | Verify Object on Restore | MEDIUM | | 3 or 5 | | |
| | Number of days before a user must change a password | HIGH | 90 = 90 days | | | |
| | Adjacent digits are allowed in passwords | LOW | | 1 = Not Allowed | | |
| | Limit characters | LOW | | *NONE | | |
| | Repeat characters are allowed in passwords | LOW | | 2 = Consec characters cannot be repeated | | |
| | Minimum password length | HIGH | 6 = 6 Character minimum | | | |
| | Maximum password length | MEDIUM | | | 8 or higher | |
| | Limit character position in passwords | LOW | | 0 = Positional difference not enforced | | |
| | Digits required in passwords | MEDIUM | | 1 = Digit Required | | |
| | Duplicate password allowed? | HIGH | 5 = Must be different than last 10 passwords (at least) | | | |
| | Is there a password validation program in place? | MEDIUM | | *None | | |
| | Password Level | MEDIUM | | 1 or 3 | | |
| | Auditing control | HIGH | | *AUDLVL, *OBJAUD, *NOQTEMP = Audit these values | | |
| | Security auditing level | HIGH | | | | |
| | Auditing end action | HIGH | | *NOTIFY - Send a message if auditing is ended | | |
| | Auditing force level | LOW | | | *SYS | |
| | Auditing of new objects | HIGH | | *NONE, then control at Library Level | | |
| | Allow auto-create of virtual devices | LOW | | | | Less than 100 |
| | Automatic configuration | HIGH | | | | 0 = Disabled |
| | User limited to one device session | LOW | | | 1 = Limit number of concurrent sessions & control at the user profile level | |
| | Limit SECOFR to allowed terminals | LOW | | | 1 = Limit Security Officer sign on | |
| | Auto-configure remote controllers | HIGH | | | 0 = Disabled | |
| | Retain server security data | LOW | | | | 0 = Do not retain server security data |
| | Device I/O error action | LOW | | | *DSCMSG, *DSCENDRQS, *ENDJOB, *ENDJOBNOLIST | |
| | Remote sign-on control | HIGH | | | Not *SAMEPRF | |
| | Default Attention Key handling program | MEDIUM | | | | *None |
| | Remote power on and IPL | MEDIUM | | | 0 = Do not allow Remote IPL | |
| | Program that is called from an autostart job when the controlling subsystem is started | MEDIUM | | | | Named program |
| | Force object conversion during restore | LOW | | | | 1 = Objects with validation errors are converted |
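One way to automate the comparison described above, as an added example that is not part of the original page or of PowerTech's tooling: a Python check of a system-value report against a subset of the chart, including the case where a value is a special "no limit" setting. The IBM i system value names, the reading of a single number as a limit, and the sample report are assumptions of this example.

```python
# Added example. The IBM i system value names are mapped to the chart's
# descriptions by this example (assumption: the page lists descriptions only).
# Assumption: a single number in the chart is a limit, so a stricter value passes.
BASELINE = [  # (system value, chart description, rule, operand)
    ("QSECURITY", "System Security Level", "in", {"40", "50"}),
    ("QINACTITV", "Time-out Period for Inactive Jobs", "max", 30),
    ("QMAXSIGN", "No. of unsuccessful login attempts allowed", "max", 5),
    ("QMAXSGNACN", "Action after signon attempts exceed the max", "in", {"2"}),
    ("QPWDEXPITV", "Days before a user must change a password", "max", 90),
    ("QPWDMINLEN", "Minimum password length", "min", 6),
    ("QPWDMAXLEN", "Maximum password length", "min", 8),
    ("QALWUSRDMN", "Libraries that may contain User Domain Objects",
     "not_in", {"*ALL", "*DIR"}),
    ("QRMTSIGN", "Remote sign-on control", "not_in", {"*SAMEPRF"}),
    ("QAUTOVRT", "Allow auto-create of virtual devices", "lt", 100),
]

SAMPLE_REPORT = {  # constructed values, not taken from a real system
    "QSECURITY": "30", "QINACTITV": "*NONE", "QMAXSIGN": "3",
    "QMAXSGNACN": "2", "QPWDEXPITV": "*NOMAX", "QPWDMINLEN": "6",
    "QPWDMAXLEN": "10", "QALWUSRDMN": "*ALL", "QRMTSIGN": "*FRCSIGNON",
}  # QAUTOVRT is left out on purpose to show the missing-value case

def check(rule, operand, current):
    """Return True when the current value satisfies the recommendation."""
    value = str(current).strip().upper()
    if rule == "in":
        return value in operand
    if rule == "not_in":  # the value may be a list, e.g. several library names
        return not any(token in operand for token in value.split())
    # Numeric rules: special values such as *NOMAX or *NONE mean "no limit",
    # so they can never satisfy a numeric recommendation.
    if not value.isdigit():
        return False
    number = int(value)
    return {"max": number <= operand, "min": number >= operand,
            "lt": number < operand}[rule]

def audit(report):
    """Return (name, description, reason) for every row that fails the chart."""
    findings = []
    for name, description, rule, operand in BASELINE:
        current = report.get(name)
        if current is None:
            findings.append((name, description, "missing from report"))
        elif not check(rule, operand, current):
            findings.append((name, description, f"current value {current}"))
    return findings

if __name__ == "__main__":
    for name, description, reason in audit(SAMPLE_REPORT):
        print(f"REVIEW {name:<11} {description}: {reason}")
```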