Check: DSN18.13
Defense Switched Network (DSN) STIG: DSN18.13
(in versions v2 r8 through v2 r7)
Title
The DSN component is not configured to be unavailable for 60 seconds after 3 consecutive failed logon attempts. (Cat II impact)
Discussion
Requirement: The IAO will ensure that management ports that receive three consecutive failed logon attempts will be unavailable for at least 60 seconds. After three failed logon attempts the system should be configured to force the user to wait for 60 seconds. This measure will prevent unauthorized access through the means of hacking a password. If the time that the port is unavailable is substantially greater than 60 seconds, denial of service could result by maliciously attempting logins on all ports.
Check Content
Have the IAO or SA demonstrate compliance with the requirement, at a minimum on a sampling of the related or affected devices. Inspect configuration files as applicable.
Fix Text
Ensure the system is configured to make the port unavailable for 60 seconds after 3 failed logon attempts.
Additional Identifiers
Rule ID: SV-8484r1_rule
Vulnerability ID: V-7998
Group Title: Maint ports do not lock out after 3 failed attempt
CCIs
No CCIs are assigned to this check.
Controls
No controls are assigned to this check.