The firewall implementation must enforce the organizationally defined maximum number of consecutive invalid login attempts.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| SRG-NET-000038-FW-000033 | SRG-NET-000038-FW-000033 | SRG-NET-000038-FW-000033_rule | Medium |
| Description |
|---|
| The firewall implementation must limit the number of times an account may consecutively fail at login. By limiting the number of failed login attempts, the risk of unauthorized system access by password guessing (i.e., brute force attack) is reduced. |
| STIG | Date |
|---|---|
| Firewall Security Requirements Guide | 2012-12-10 |
Details
| Check Text ( C-SRG-NET-000038-FW-000033_chk ) |
|---|
| Review the firewall configuration for both the local and network connections to determine whether the setting for the maximum number of consecutive invalid login attempts is configured and enforced. If the firewall is not configured to enforce the organizationally defined limit of consecutive invalid login attempts, this is a finding. |
| Fix Text (F-SRG-NET-000038-FW-000033_fix) |
|---|
| Configure the firewall implementation to enforce the organizationally defined maximum number of consecutive invalid login attempts. |