UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The macOS system must enforce an account lockout time period of 15 minutes in which a user makes three consecutive invalid logon attempts.


Overview

Finding ID Version Rule ID IA Controls Severity
V-225132 AOSX-15-000021 SV-225132r610901_rule Medium
Description
Setting a lockout time period of 15 minutes is an effective deterrent against brute forcing that also makes allowances for legitimate mistakes by users. When three invalid logon attempts are made, the account will be locked.
STIG Date
Apple OS X 10.15 (Catalina) Security Technical Implementation Guide 2022-06-06

Details

Check Text ( C-26831r467564_chk )
Password policy is set with the Passcode Policy configuration profile.

/usr/sbin/system_profiler SPConfigurationProfileDataType | /usr/bin/grep minutesUntilFailedLoginReset

If the return is null or not “minutesUntilFailedLoginReset = 15”, this is a finding.
Fix Text (F-26819r467565_fix)
This setting is enforced using the "Passcode Policy" configuration profile or by a directory service.