Check: 4.004
Windows 2003 DC STIG:
4.004
(in version v6 r40)
Title
Lockout duration does not meet minimum requirements. (Cat II impact)
Discussion
This parameter specifies the amount of time that must pass before a locked-out account is automatically unlocked by the system.
Check Content
Fix Text
Configure the system so that the bad logon lockout duration conforms to DoD requirements.
Additional Identifiers
Rule ID: SV-29641r1_rule
Vulnerability ID: V-1099
Group Title:
Expert Comments
Expert comments are only available to logged-in users.
CCIs
CCIs tied to check.
| Number | Definition |
|---|---|
| CCI-002238 |
Automatically lock the account or node for either an organization-defined time period, until the locked account or node is released by an administrator, or delays the next logon prompt according to the organization-defined delay algorithm when the maximum number of unsuccessful logon attempts is exceeded. |
Controls
Controls tied to check. These are derived from the CCIs shown above.
| Number | Title |
|---|---|
| AC-7 |
Unsuccessful Logon Attempts |