The macOS system must limit consecutive failed log on attempts to three.

An XCCDF Rule

Details
Profiles

Description

The macOS must be configured to limit the number of failed log on attempts to a maximum of three. When the maximum number of failed attempts is reached, the account must be locked for a period of time after. This rule protects against malicious users attempting to gain access to the system via brute-force hacking methods. Satisfies: SRG-OS-000021-GPOS-00005,SRG-OS-000329-GPOS-00128

ID: SV-259428r958388_rule
Version: APPL-14-000022
Severity: Medium
References: CCI-000044 CCI-002238
Updated: about 2 months ago

Remediation Templates

Configure the macOS system to limit consecutive failed log on attempts to three by installing the "com.apple.mobiledevice.passwordpolicy" configuration profile or by a directory service.

The macOS system must limit consecutive failed log on attempts to three.

Description

Remediation Templates

A Manual Procedure