The following tests are performed by AZScan when reviewing AS400 systems.

No  Ref   Code        Description                                    Risk
    1     SYSSET      System settings
1   1.1   QSEC        Security level                                 Medium
2   1.2   QAUTOC      Auto configuration                             Low
3   1.3   QAUTOVRT    Auto virtual                                   Low
4   1.4   QCRTAUT     Default public authority                       Medium
5   1.5   QALWUD      Allow user domain                              Low
6   1.6   QAOR        Allow object restore                           Low
7   1.7   QATNPGM     Attention program                              Medium
    2     SYSPWDS     System passwords
8   2.1   QPWDLVL     Password level                                 Low
9   2.2   QPWDEXPITV  Password expiration interval                   High
10  2.3   QPWDLMTAJC  Password limit adjacent digits                 Low
11  2.4   QPWDLMTCHR  Password limit characters                      Low
12  2.5   QPWDLMTREP  Password limit repetition                      Low
13  2.6   QPWDMINLEN  Password minimum length                        High
14  2.7   QPWDMAXLEN  Password maximum length                        Low
15  2.8   QPWDPOSDIF  Password position different                    Low
16  2.9   QPWDRQDDGT  Password does not require digits               Medium
17  2.10  QPWDRQDDIF  Password required to be different              High
18  2.11  QPWDVLDPGM  Password validation program                    Low
    3     USERS       Users
19  3.1   UCLASS      User classes                                   High
20  3.2   DISPROF     Users with disabled profiles                   Low
21  3.3   CURLIB      Users current library                          Low
22  3.4   INLPGM      Users initial programs                         Low
23  3.5   INLMNU      Users initial menu                             Low
24  3.6   DSPSGNINF   Users display sign-on information              Medium
25  3.7   LMTCPB      Users limit capability                         Low
26  3.8   QLMTDEVSSN  Users with limited device sessions             Low
27  3.9   SPCENV      Users with special environments                Low
    4     SPAUTHORTY  Special authorities
28  4.1   ALLOBJ      Users with all objects authority               High
29  4.2   SECADM      Users with security administration authority   High
30  4.3   JOBCTL      Users with job control authority               Medium
31  4.4   SPLCTL      Users with spool control authority             Medium
32  4.5   SAVSYS      Users with save system authority               Medium
33  4.6   SERVICE     Users with service authority                   Medium
34  4.7   AUDIT       Users with audit authority                     Low
35  4.8   IOSYSCFG    Users with system configuration authority      Low
    5     UPASSWORD   User passwords
36  5.1   PWDEXPITV   Users password expiry interval                 Medium
37  5.2   PWDEXPD     Users with password set to expired             Medium
38  5.3   PWDLCHG     Users password last changed                    Medium
39  5.4   PWDIBMPRO   IBM system profiles where password <> *NONE    Low
    6     SIGNON      Sign-on attempts allowed
40  6.1   QMAXSIGN    Maximum sign-on attempts                       Medium
41  6.2   QMAXSGNACN  Maximum sign-on attempt action                 Low
42  6.3   QRMTSIGN    Remote sign-on                                 Medium
43  6.4   QLMTESCOFR  Limit security officer                         Low
44  6.5   QDSPSGNINF  Display sign-on information                    Medium
45  6.6   QLMTDEVSSN  Limit device sessions                          Low
46  6.7   QINACTITV   Inactive interval                              Medium
47  6.8   QINACTMSGQ  Inactive message queue                         Low
    7     GROUPS      Groups
48  7.1   GROUPS      Users in each group                            Low
    8     AUDITING    Auditing
49  8.1   QAUDCTL     Audit control                                  Low
50  8.2   QAUDLVL     Audit level                                    Medium
51  8.3   QAEA        Audit end action                               Low
52  8.4   QAFREQ      Audit frequency level                          Low
53  8.5   QCRTOBJAUD  Create object audit                            Low

 
