STIGhubSTIGhub
STIGsRMF ControlsCompare

STIGhub

A free tool to search and browse the entire DISA STIG library. Saves up to 75% in security compliance research time.

Navigation

  • Browse STIGs
  • Search
  • RMF Controls
  • Compare Versions

Resources

  • About
  • Release Notes
  • VPAT
  • DISA STIG Library
STIGs updated 2 hours ago
Powered by Pylon
© 2026 Beacon Cloud Solutions, Inc. All rights reserved.
← Back to IBM z/OS RACF Security Technical Implementation Guide

V-257135

CAT II (Medium)

IBM Passtickets must be configured to be KeyEncrypted.

Rule ID

SV-257135r998383_rule

STIG

IBM z/OS RACF Security Technical Implementation Guide

Version

V9R8

CCIs

CCI-004062

Discussion

Passwords such as IBM Passtickets need to be protected at all times, and encryption is the standard method for protecting such passwords. If passwords are not encrypted, they may be plainly read (i.e., clear text) and easily compromised.

Check Content

From the ISPF Command Shell enter:

RList PTKTDATA * SSIGNON NORACF

If any profile is not defined as KEYENCRYPTED, this is a finding.

Fix Text

Ensure that all Passticket profiles are configured to be KeyEncrypted.