UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The firewall implementation must enforce the organizationally defined maximum number of consecutive invalid login attempts.


Overview

Finding ID Version Rule ID IA Controls Severity
SRG-NET-000038-FW-000033 SRG-NET-000038-FW-000033 SRG-NET-000038-FW-000033_rule Medium
Description
The firewall implementation must limit the number of times an account may consecutively fail at login. By limiting the number of failed login attempts, the risk of unauthorized system access by password guessing (i.e., brute force attack) is reduced.
STIG Date
Firewall Security Requirements Guide 2012-12-10

Details

Check Text ( C-SRG-NET-000038-FW-000033_chk )
Review the firewall configuration for both the local and network connections to determine whether the setting for the maximum number of consecutive invalid login attempts is configured and enforced.

If the firewall is not configured to enforce the organizationally defined limit of consecutive invalid login attempts, this is a finding.
Fix Text (F-SRG-NET-000038-FW-000033_fix)
Configure the firewall implementation to enforce the organizationally defined maximum number of consecutive invalid login attempts.