UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The firewall implementation must enforce the organizationally defined time period over which the number of invalid login attempts are counted.


Overview

Finding ID Version Rule ID IA Controls Severity
SRG-NET-000039-FW-000034 SRG-NET-000039-FW-000034 SRG-NET-000039-FW-000034_rule Medium
Description
To reduce the risk of successful malicious login attempts, the firewall implementation must define the time period over which the number of failed login attempts (CCI-000044) is counted before enforcement action is taken.
STIG Date
Firewall Security Requirements Guide 2012-12-10

Details

Check Text ( C-SRG-NET-000039-FW-000034_chk )
Review the firewall configuration for both the local and network connections to determine whether the setting for the time period over which the number of invalid login attempts is counted is configured and enforced.

If the firewall is not configured to enforce the organizationally defined limit of consecutive invalid login attempts, this is a finding.
Fix Text (F-SRG-NET-000039-FW-000034_fix)
Configure the firewall implementation to enforce the organizationally defined time period over which the number of invalid login attempts is counted.