AOS must be configured to enforce the limit of three consecutive invalid login attempts, after which time it must block any login attempt for 15 minutes.

An XCCDF Rule

Details
Profiles

Description

By limiting the number of failed login attempts, the risk of unauthorized system access via user password guessing, otherwise known as brute-forcing, is reduced.

ID: SV-266911r1039754_rule
Version: ARBA-ND-000214
Severity: Medium
References: CCI-000044
Updated: about 2 months ago

Remediation Templates

Configure AOS with the following commands: 
configure terminal  
aaa password-policy mgmt 
password-lock-out 3 
password-lock-out-time 15 
enable exit 
write memory

AOS must be configured to enforce the limit of three consecutive invalid login attempts, after which time it must block any login attempt for 15 minutes.

Description

Remediation Templates

A Manual Procedure