CCI-002236

Defines the time period the information system will automatically lock the account or node when the maximum number of unsuccessful logon attempts is exceeded.

Details
Associations

6 rules found Severity: Medium

5 rules found Severity: Medium

6 rules found Severity: Medium

1 rule found Severity: Medium

CCI-002236

Lock Accounts After Failed Password Attempts

Set Interval For Counting Failed Password Attempts

Set Lockout Time for Failed Password Attempts

IBM Aspera Console must lock accounts after three unsuccessful login attempts within a 15-minute timeframe.

IBM Aspera Faspex must lock accounts after three unsuccessful login attempts within a 15-minute timeframe.

IBM Aspera Shares must lock accounts after three unsuccessful login attempts within a 15-minute timeframe.

The Red Hat Enterprise Linux operating system must be configured to lock accounts for a minimum of 15 minutes after three unsuccessful logon attempts within a 15-minute timeframe.

The Oracle Linux operating system must be configured to lock accounts for a minimum of 15 minutes after three unsuccessful logon attempts within a 15-minute timeframe.