Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-35131 | SRG-APP-000076-AS-000041 | SV-46418r1_rule | Low |
Description |
---|
AS administrators need to be aware of activity that occurs regarding their account. Providing AS administrators with information regarding the number of unsuccessful login attempts made to their account allows them to determine if any unauthorized activity has occurred and gives them an opportunity to notify or coordinate with the appropriate security personnel and ensure other systems have not been affected. If administrators are not aware of potential attacks against a system, they cannot perform due diligence to ensure access is not granted to unauthorized users. |
STIG | Date |
---|---|
Application Server Security Requirements Guide | 2013-01-08 |
Check Text ( C-43519r1_chk ) |
---|
Review AS product documentation and configuration to determine if the administrators are informed of the number of unsuccessful login attempts since the last successful login If the administrators are not informed of this information, this is a finding. |
Fix Text (F-39683r1_fix) |
---|
Configure the AS to display the number of unsuccessful login attempts since the last successful login. |