Hi,
I'm hoping to tap the vast knowledge here on IBM-Main.
We're under NYDFS Cybersecurity regulations and I'm looking at 500.7(c)(2)
(c) Each class A company shall monitor privileged access activity and shall implement:
(1) a privileged access management solution; and
(2) an automated method of blocking commonly used passwords for all accounts on information systems owned or controlled by the class A company and wherever feasible for all other accounts. To the extent the class A company determines that blocking commonly used passwords is infeasible, the covered entity’s CISO may instead approve in writing at least annually the infeasibility and the use of reasonably equivalent or more secure compensating controls.
Does anyone have any experience blocking common passwords within RACF?
Does IBM ship a component to satisfy 500.7(c)(2) for zOS RACF?
Any information or ideas are appreciated.
Thanks! Grace