Changes are coming to https://stigviewer.com.
Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey
The operating system must enforce the limit of three consecutive invalid logon attempts by a user during a 15 minute time period.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-58467 | AOSX-09-001324 | SV-72897r1_rule | Medium |
| Description |
|---|
| Setting a lockout expiration of 15 minutes is an effective deterrent against brute forcing that also makes allowances for legitimate mistakes by users. |
| STIG | Date |
|---|---|
| Apple OS X 10.9 (Mavericks) Workstation Security Technical Implementation Guide | 2017-01-05 |
Details
| Check Text ( C-59313r1_chk ) |
|---|
| To check if the password policy is configured to disable an account after 3 unsuccessful login attempts, run the following command: sudo pwpolicy getglobalpolicy | tr ' ' '\n' | grep 'maxFailedLoginAttempts' If the result is not 'maxFailedLoginAttempts=3' and password policy is not controlled by a directory server, this is a finding. |
| Fix Text (F-63801r1_fix) |
|---|
| To set the password policy, run the following command: sudo pwpolicy setglobalpolicy 'maxFailedLoginAttempts=3' |