The LockOutRealm must be configured with a login lockout time of 15 minutes.
An XCCDF Rule
Description
<VulnDiscussion>LockOutRealm prevents brute force attacks against user passwords. Removal of unneeded or nonsecure functions, ports, protocols, and services mitigate the risk of unauthorized connection of devices, unauthorized transfer of information, or other exploitation of these resources. Access to LockOutRealm must be configured to control login attempts by local accounts. The organization must perform a periodic scan/review of the application (as required by CCI-000384) and disable functions, ports, protocols, and services deemed to be unneeded or nonsecure.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>
- ID
- SV-224784r1013864_rule
- Severity
- Medium
- References
- Updated
Remediation - Manual Procedure
Add lockOutTime parameter to the LockOutRealm configuration:
Log in to the ISEC7 SPHERE server.
Navigate to <Drive>:\Program Files\Isec7 SPHERE\Tomcat\Config.
Open the server.xml file with Notepad.
Select Edit>Find and search for LockOutRealm.