CCI-003691

Enforce a limit of organization-defined number consecutive invalid logon attempts through use of the alternative factors by a user during a organization-defined time period.

Implementation Guidance

Determine if a limit of [AC-07(04)_ODP[02]; the number of consecutive, invalid logon attempts through the use of alternative factors for which to enforce a limit by a user is defined] consecutive invalid logon attempts through the use of the alternative factors by the user during a [AC-07(04)_ODP[03]; time period during which a user can attempt logons through alternative factors is defined] is enforced.

Validation Procedures

Examine: [SELECT FROM: Access control policy; procedures addressing unsuccessful logon attempts for primary and alternate authentication factors; system design documentation; system configuration settings and associated documentation; system audit records; system security plan; other relevant documents or records]. Interview: [SELECT FROM: System/network administrators; organizational personnel with information security responsibilities]. Test: [SELECT FROM: Mechanisms implementing access control policy for unsuccessful logon attempts].

The controls below (if any) were marked by NIST as being related to CCI-003691.