ONTAP must be configured to enforce the limit of three consecutive failed logon attempts.

An XCCDF Rule

Description

By limiting the number of failed login attempts, the risk of unauthorized system access via user password guessing, otherwise known as brute-forcing, is reduced.

ID: SV-246931r960840_rule
Version: NAOT-AC-000010
Severity: Medium
Remediation Templates

A Manual Procedure

Use the command "security login role config show" to get a list of roles.

For each role, use the command "security login role config show -vserver <vserver_name> -role <role_name>" to view that role's password requirements.

For any role that does not have "Maximum Number of Failed Attempts" set to "3", use the command "security login role config modify -role <role_name> -vserver <vserver_name> -max-failed-login-attempts 3".
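
The check above can be run over saved output from the per-role show command. The following is an added example, not part of the STIG or of NetApp's tooling. It assumes the detail view prints one "Label: value" pair per line, with "Vserver" and "Role Name" lines ahead of the limit for each role. The function name and sample data are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit captured ONTAP output for the three-attempt limit.
# Assumed input layout: one "Label: value" pair per line, with "Vserver"
# and "Role Name" lines preceding the failed-attempt limit of each role.

# Reads detail output on stdin and prints one remediation command per
# non-compliant role. Prints nothing when every role is set to 3.
# Exits 2 if no limit line was found, so an empty or reformatted capture
# is not mistaken for a compliant system.
audit_failed_attempts() {
    awk -F': *' '
        function trim(s) { gsub(/^[ \t]+|[ \t\r]+$/, "", s); return s }
        {
            label = trim($1); value = trim($2)
            if (label == "Vserver")   vserver = value
            if (label == "Role Name") role = value
            if (label == "Maximum Number of Failed Attempts") {
                seen++
                if (value != "3")
                    printf "security login role config modify -role %s -vserver %s -max-failed-login-attempts 3\n", role, vserver
            }
        }
        END { if (seen == 0) { print "no roles parsed; check input format" > "/dev/stderr"; exit 2 } }
    '
}

# Constructed sample output (not captured from a real system).
sample_output() {
    cat <<'EOF'
                          Vserver: cluster1
                        Role Name: admin
Maximum Number of Failed Attempts: 3

                          Vserver: cluster1
                        Role Name: readonly
Maximum Number of Failed Attempts: 0

                          Vserver: svm1
                        Role Name: vsadmin
Maximum Number of Failed Attempts: 6
EOF
}

sample_output | audit_failed_attempts
```

The script only prints the modify commands for review. It does not connect to the cluster or apply them.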