SRG-OS-000480-GPOS-00226
The operating system must enforce a delay of at least 4 seconds between logon prompts following a failed logon attempt.
Canonical Source
SV-203779r991588_rule ( from General Purpose Operating System Security Requirements Guide )Description
Limiting the number of logon attempts over a certain time interval reduces the chances that an unauthorized user may gain access to an account.