AAA Services must be configured to automatically lock user accounts after three consecutive invalid logon attempts within a 15-minute time period.

An XCCDF Rule

Details
Profiles

Description

By limiting the number of failed logon attempts, the risk of unauthorized system access via user password guessing, otherwise known as brute forcing, is reduced. Limits are imposed by locking the account.

ID: SV-204644r960840_rule
Version: SRG-APP-000065-AAA-000200
Severity: Medium
References: CCI-000044
Updated: about 2 months ago

Remediation Templates

Configure AAA Services to automatically lock user accounts after three consecutive invalid logon attempts within a 15-minute time period.

AAA Services must be configured to automatically lock user accounts after three consecutive invalid logon attempts within a 15-minute time period.

Description

Remediation Templates

A Manual Procedure