Skip to content

A maximum of 60-minute delay must be specified for the password retry after 3 failed attempts to enter your password

An XCCDF Rule

Description

<VulnDiscussion>The Maximum failed attempts before disable delay is not set to 3. This specifies the number of consecutive incorrect password attempts the Hardware Management Console allows as 3 times, before setting a 60-minute delay to attempt to retry the password. The improper setting of any of these fields, individually or in combination with another, can compromise the security of the processing environment. Note: The Hardware Management Console does not allow a revoke of a user ID.A 60-minute delay time setting is being substituted.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>

ID
SV-256881r958736_rule
Severity
Low
References
Updated



Remediation - Manual Procedure

The System Administrator will display the User Properties window on the Hardware Management Console for each user and verify that the disable delay is set to 60 or more.   

Maximum Failed Attempts and Disable Delay are found in User Profiles by selecting the user, selecting modify user and then selecting User Properties.