Navigate

CCI-000043

CCI-000043 Definition

Defines the maximum number of consecutive invalid logon attempts to the information system by a user during an organization-defined time period.

Status
Type	CheckType.policy

Master Assessment Datasheet

Implementation Guidance

DoD has defined the maximum number as three.

Validation Procedures

The organization being inspected/assessed is automatically compliant with this CCI because they are covered at the DoD level. DoD has defined the maximum number as three.

Compelling Evidence

Automatically compliant

Related Controls

The controls below (if any) were marked by NIST as being related to CCI-000043.

Control	Description
AC-7	The information system: a: Enforces a limit of [one of ] consecutive invalid logon attempts by a user during a [one of ]; and b: Automatically [one of "locks the account/node for an {{ insert: param, ac-7_prm_4 }} "/"locks the account/node until released by an administrator"/"delays next logon prompt according to {{ insert: param, ac-7_prm_5 }} "] when the maximum number of unsuccessful attempts is exceeded.

Control

Description

AC-7

The information system:

a: Enforces a limit of [one of ] consecutive invalid logon attempts by a user during a [one of ]; and

b: Automatically [one of "locks the account/node for an {{ insert: param, ac-7_prm_4 }} "/"locks the account/node until released by an administrator"/"delays next logon prompt according to {{ insert: param, ac-7_prm_5 }} "] when the maximum number of unsuccessful attempts is exceeded.