SRG-OS-000021-GPOS-00005

The operating system must enforce the limit of three consecutive invalid logon attempts by a user during a 15-minute time period.

Details
Associations

Canonical Source

SV-203594r958388_rule ( from General Purpose Operating System Security Requirements Guide )

Description

By limiting the number of failed logon attempts, the risk of unauthorized system access via user password guessing, otherwise known as brute-force attacks, is reduced. Limits are imposed by locking the account.