The application must notify the user of the number of unsuccessful login/access attempts occurring during an organization-defined time period.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-26884	SRG-APP-000078	SV-34164r1_rule		Medium

Description
Users need to be aware of activity that occurs regarding their application account. Providing users with information regarding the number of unsuccessful attempts made to login to their account allows the user to determine if any unauthorized activity has occurred and gives them an opportunity to notify administrators. This requirement is intended to cover both traditional logons to information systems and general accesses to information systems occurring in other types of architectural configurations (e.g., service oriented architectures). In order to inform the user of the number of unsuccessful login attempts made with the users account.

Description

Users need to be aware of activity that occurs regarding their application account. Providing users with information regarding the number of unsuccessful attempts made to login to their account allows the user to determine if any unauthorized activity has occurred and gives them an opportunity to notify administrators. This requirement is intended to cover both traditional logons to information systems and general accesses to information systems occurring in other types of architectural configurations (e.g., service oriented architectures). In order to inform the user of the number of unsuccessful login attempts made with the users account.

STIG	Date
Application Security Requirements Guide	2011-12-28

Details

Check Text ( None )
None

Fix Text (None)
None