The macOS system must limit consecutive failed login attempts to three.
An XCCDF Rule
Description
The macOS must be configured to limit the number of failed login attempts to a maximum of three. When the maximum number of failed attempts is reached, the account must be locked for a period of time. This rule protects against malicious users attempting to gain access to the system via brute-force hacking methods. Satisfies: SRG-OS-000021-GPOS-00005, SRG-OS-000329-GPOS-00128
- ID
- SV-268428r1034224_rule
- Version
- APPL-15-000022
- Severity
- Medium
- References
- Updated
Remediation Templates
A Manual Procedure
Configure the macOS system to limit consecutive failed login attempts to three by installing the "com.apple.mobiledevice.passwordpolicy" configuration profile or by a directory service.