Navigate

CCI-000043

CCI-000043 Definition

The organization defines the maximum number of consecutive invalid logon attempts to the information system by a user during an organization-defined time period.

Status
Type	CheckType.policy

Master Assessment Datasheet

Implementation Guidance

DoD has defined the maximum number as three.

Validation Procedures

The organization being inspected/assessed is automatically compliant with this CCI because they are covered at the DoD level. DoD has defined the maximum number as three.

Compelling Evidence

Automatically compliant

Related Controls

The controls below (if any) were marked by NIST as being related to CCI-000043.

Control	Description
AC-7	The information system: AC-7a.: Enforces a limit of [Assignment: organization-defined number] consecutive invalid logon attempts by a user during a [Assignment: organization-defined time period]; and AC-7b.: Automatically [Selection: locks the account/node for an [Assignment: organization-defined time period]; locks the account/node until released by an administrator; delays next logon prompt according to [Assignment: organization-defined delay algorithm]] when the maximum number of unsuccessful attempts is exceeded.

Control

Description

AC-7

The information system:

AC-7a.: Enforces a limit of [Assignment: organization-defined number] consecutive invalid logon attempts by a user during a [Assignment: organization-defined time period]; and

AC-7b.: Automatically [Selection: locks the account/node for an [Assignment: organization-defined time period]; locks the account/node until released by an administrator; delays next logon prompt according to [Assignment: organization-defined delay algorithm]] when the maximum number of unsuccessful attempts is exceeded.