Brian

RACF provides functionality in this area, password RULES or somesuch. See

http://publibz.boulder.ibm.com/cgi-bin/bookmgr_OS390/BOOKS/ichza720/5.2.1?ACTION=MATCHES&REQUEST=password+rules&TYPE=FUZZY&SHELF=&DT=20020109124747&CASE=&searchTopic=TOPIC&searchText=TEXT&searchIndex=INDEX&rank=RANK&ScrollTOP=FIRSTHIT#FIRSTHIT

I am not really a RACF expert, but I think you will be able to achieve some
of these objectives in a simple way that is supported by standard software.

HTH

Julian

>
> Hi folks
>
> Like many card-processing organisations worldwide, we're going
> through the audit for PCI-S at the moment.
>
> I'm being constantly harassed by our risk team to provide some
> means of control over user passwords - at first they were
> demanding that all passwords contained at least 10 characters,
> comprised of a mixture of upper and lower case, numerics and
> special characters, but after me explaining to them that they
> could only have upper case, numerics and only three special
> characters in an eight-character length, they revised their demands.
>
> Now they're insisting that I provide some sort of mechanism to
> enforce password complexity, ie, something that forces users to
> implement passwords that have at least a given number of
> characters, numerics, and special characters, with no
> repetitions etc etc.
>
> I don't really have the time to do this and I'm arguing that I
> don't see what benefit we will get from the considerable amount
> of effort that I will have to put into designing, coding and
> testing such a routine, and then there's the question of risk of
> malfunction due to subsequent operating system release changes etc.
>
> Basically, I don't want to do it, and I'm looking for good excuses not to.
>
> Have any of you gone through PCI accreditation and, if so, did
> you have to address this?
>
> Thanks
>
> Brian

