Check: SRG-OS-000021-GPOS-00005
General Purpose Operating System SRG: SRG-OS-000021-GPOS-00005 (in versions v2 r7 through v1 r4)
Title
The operating system must enforce the limit of three consecutive invalid logon attempts by a user during a 15-minute time period. (Cat II impact)
Discussion
By limiting the number of failed logon attempts, the risk of unauthorized system access through password guessing (brute-force attacks) is reduced. The limit is enforced by locking the account once it is exceeded.
Check Content
Verify that the operating system enforces the limit of three consecutive invalid logon attempts by a user during a 15-minute time period. If it does not, this is a finding.
Fix Text
Configure the operating system to enforce the limit of three consecutive invalid logon attempts by a user during a 15-minute time period.
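As an added illustration, not part of the SRG text, the following Python reference model shows the counting logic the requirement implies: invalid attempts must be consecutive (a successful logon resets the count) and are counted over a sliding 15-minute window. Keeping the account locked until an administrator intervenes is an assumption, since this entry does not specify unlock behaviour.

```python
from datetime import datetime, timedelta

# Policy values taken from the requirement text above.
MAX_INVALID_ATTEMPTS = 3
WINDOW = timedelta(minutes=15)


class LockoutPolicy:
    """Counts consecutive invalid logons per user inside a sliding 15-minute window."""

    def __init__(self) -> None:
        self.failures: dict[str, list[datetime]] = {}  # per-user invalid logon times
        self.locked: set[str] = set()

    def record(self, user: str, success: bool, when: datetime) -> bool:
        """Record one logon attempt; return True if the account is (now) locked."""
        if user in self.locked:
            return True  # assumption: stays locked until an administrator unlocks it
        history = self.failures.setdefault(user, [])
        if success:
            history.clear()  # a success breaks the run of consecutive failures
            return False
        # Drop failures that are 15 minutes old or older, then count this one.
        history[:] = [t for t in history if when - t < WINDOW]
        history.append(when)
        if len(history) >= MAX_INVALID_ATTEMPTS:
            self.locked.add(user)
        return user in self.locked


def demo() -> dict[str, bool]:
    """Constructed scenario covering the reset and expiry edge cases."""
    policy = LockoutPolicy()
    t0 = datetime(2024, 1, 1, 9, 0)

    def at(minutes: int) -> datetime:
        return t0 + timedelta(minutes=minutes)

    out: dict[str, bool] = {}
    # alice: two failures, a success (resets the count), two more failures, then a third.
    for minute, ok in [(0, False), (1, False), (2, True), (3, False), (4, False)]:
        policy.record("alice", ok, at(minute))
    out["alice_locked"] = policy.record("alice", False, at(5))
    # bob: failures at 0 and 10 minutes; at 20 minutes the first has aged out (2 in window).
    for minute in (0, 10):
        policy.record("bob", False, at(minute))
    out["bob_at_20m"] = policy.record("bob", False, at(20))
    out["bob_at_21m"] = policy.record("bob", False, at(21))  # 10, 20, 21 -> locked
    return out
```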
Additional Identifiers
Rule ID: SV-203594r557040_rule
Vulnerability ID: V-203594
Group Title: SRG-OS-000021
CCIs
| Number | Definition |
|---|---|
| CCI-000044 | The information system enforces the organization-defined limit of consecutive invalid logon attempts by a user during the organization-defined time period. |
Controls
| Number | Title |
|---|---|
| AC-7 | Unsuccessful Logon Attempts |