Check: SRG-APP-000065-UEM-000036
Unified Endpoint Management Server SRG:
SRG-APP-000065-UEM-000036
(in versions v2 r3 through v1 r1)
Title
The UEM server must enforce the limit of three consecutive invalid logon attempts by a user during a 15-minute time period. (Cat II impact)
Discussion
By limiting the number of failed login attempts, the risk of unauthorized system access via user password guessing, otherwise known as brute forcing, is reduced. Limits are imposed by locking the account. Satisfies:FMT_SMF.1(2)b. Reference:PP-MDM-431028
Check Content
Requirement is Not Applicable when the UEM server is configured to use DoD Central Directory Service for administrator account authentication. Verify the UEM server enforces the limit of three consecutive invalid logon attempts by a user during a 15-minute time period. If the UEM server does not enforce the limit of three consecutive invalid logon attempts by a user during a 15-minute time period, this is a finding.
Fix Text
Configure the UEM server to enforce the limit of three consecutive invalid logon attempts by a user during a 15-minute time period.
Additional Identifiers
Rule ID: SV-234310r960840_rule
Vulnerability ID: V-234310
Group Title: SRG-APP-000065
Expert Comments
CCIs
| Number | Definition |
|---|---|
| CCI-000044 |
Enforce the organization-defined limit of consecutive invalid logon attempts by a user during the organization-defined time period. |
Controls
| Number | Title |
|---|---|
| AC-7 |
Unsuccessful Logon Attempts |