Navigate

CCI-002238

CCI-002238 Definition

Automatically lock the account or node for either an organization-defined time period, until the locked account or node is released by an administrator, or delays the next logon prompt according to the organization-defined delay algorithm when the maximum number of unsuccessful logon attempts is exceeded.

Status
Type	CheckType.technical

Master Assessment Datasheet

Implementation Guidance

Validation Procedures

Related Controls

The controls below (if any) were marked by NIST as being related to CCI-002238.

Control	Description
AC-7	The information system: a: Enforces a limit of [one of ] consecutive invalid logon attempts by a user during a [one of ]; and b: Automatically [one of "locks the account/node for an {{ insert: param, ac-7_prm_4 }} "/"locks the account/node until released by an administrator"/"delays next logon prompt according to {{ insert: param, ac-7_prm_5 }} "] when the maximum number of unsuccessful attempts is exceeded.

Control

Description

AC-7

The information system:

a: Enforces a limit of [one of ] consecutive invalid logon attempts by a user during a [one of ]; and

b: Automatically [one of "locks the account/node for an {{ insert: param, ac-7_prm_4 }} "/"locks the account/node until released by an administrator"/"delays next logon prompt according to {{ insert: param, ac-7_prm_5 }} "] when the maximum number of unsuccessful attempts is exceeded.