The Bromium Enterprise Controller (BEC) lockout_delay_base in the settings.json file must be set to a minimum of 10 and the lockout_delay_scale must be set to 1 at a minimum.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-80425 | BROM-00-000100 | SV-95129r1_rule | Medium |
| Description |
|---|
| By limiting the number of failed logon attempts, the risk of unauthorized system access via user password guessing, otherwise known as brute forcing, is reduced. Limits are imposed by locking the account. |
| STIG | Date |
|---|---|
| Bromium Secure Platform 4.x Security Technical Implementation Guide | 2018-05-11 |
Details
| Check Text ( C-80097r1_chk ) |
|---|
| Navigate to C:\ProgramData\Bromium\BMS\settings.json on the BEC. Verify the value of lockout_delay_base is set to "10" and the lockout_delay_scale is set to "1" at a minimum. If the BEC lockout_delay_base in the settings.json file is not set to a minimum of "10" and the lockout_delay_scale is not set to a minimum of "1", this is a finding. |
| Fix Text (F-87231r1_fix) |
|---|
| Edit the BEC configuration file (C:\ProgramData\Bromium\BMS\settings.json) to set lockout_delay_base to "10" and the lockout_delay_scale to "1" at a minimum. |