You can use the exit routine (ICHPWX11) to look up the password in a dataset and reject it if the password is found.
https://www.ibm.com/docs/en/zos/2.4.0?topic=exits-new-password-phrase-exit-ichpwx11

Joe

On Tue, Nov 26, 2024 at 11:25 AM Grace Godfrey <[email protected]> wrote:

> Hi,
>
> I'm hoping to tap the vast knowledge here on IBM-Main.
>
> We're under NYDFS Cybersecurity regulations and I'm looking at 500.7(c)(2)
>
> (c) Each class A company shall monitor privileged access activity and
> shall implement:
> (1) a privileged access management solution; and
> (2) an automated method of blocking commonly used passwords for all
> accounts on
> information systems owned or controlled by the class A company and
> wherever feasible
> for all other accounts. To the extent the class A company determines
> that blocking
> commonly used passwords is infeasible, the covered entity’s CISO may
> instead approve
> in writing at least annually the infeasibility and the use of
> reasonably equivalent or more
> secure compensating controls
>
> Does anyone have any experience blocking common passwords within RACF?
> Does IBM ship a component to satisfy 500.7(c)(2) for zOS RACF?
>
> Any information or ideas are appreciated.
>
> Thanks! Grace
>
> ----------------------------------------------------------------------
> For IBM-MAIN subscribe / signoff / archive access instructions,
> send email to [email protected] with the message: INFO IBM-MAIN
