Check: WIR-MOS-PDA-017
PDA STIG (STIG):
WIR-MOS-PDA-017
(in version v6 r8)
Title
Password/passcode maximum failed attempts must be set to the required value. (Cat II impact)
Discussion
A hacker with unlimited attempts can determine the passcode of a smartphone within a few minutes using password hacking tools, which could lead to unauthorized access to the PDA/smartphone and disclosure of sensitive DoD data.
Check Content
Check a sample (3-4 devices) of site PDAs and verify the PDA has been configured to wipe after 10 (or less) incorrect passwords have been entered.
Fix Text
Set password/passcode maximum failed attempts to 10 or less.
Additional Identifiers
Rule ID: SV-31264r1_rule
Vulnerability ID: V-25011
Group Title: Password/passcode maximum failed attempts
Expert Comments
Expert comments are only available to logged-in users.
CCIs
CCIs tied to check.
| Number | Definition |
|---|---|
| No CCIs are assigned to this check |
Controls
Controls tied to check. These are derived from the CCIs shown above.
| Number | Title |
|---|---|
| No controls are assigned to this check |