On 5/16/2006 10:24 AM, [EMAIL PROTECTED] wrote:
I read somewhere that the motivation for support of mixed
case passwords in z/OS v1r7 is an external requirement that
the password space have cardinality at least 10^13. Does
any reader of this list know the source of this requirement?
Sarbanes-Oxley (chapter and verse)? Other (specify)?
As far as I remember, the mixed-case requirement comes solely from our
customers and their desires to have RACF support mixed-case passwords as
other systems do.
The z/OS R8 implementation of password phrases (aka pass phrases),
however, derives from one of the NSA-generated Common Criteria
Protection Profiles for operating systems, as well as customer
requirements for longer passwords.
Walt Farrell, CISSP
z/OS Security Design, IBM
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html
