
IBM Aspera Shares must lock accounts after three unsuccessful login attempts within a 15-minute timeframe.


Overview

Finding ID: V-252600
Version: ASP4-SH-060130
Rule ID: SV-252600r831511_rule
IA Controls:
Severity: Medium
Description
By limiting the number of failed login attempts, the risk of unauthorized system access via user password guessing, otherwise known as brute-forcing, is reduced. Limits are imposed by locking the account.
STIG: IBM Aspera Platform 4.2 Security Technical Implementation Guide
Date: 2022-08-24

Details

Check Text (C-56056r817968_chk)
If the IBM Aspera Shares feature of the Aspera Platform is not installed, this is Not Applicable.

Verify IBM Aspera Shares locks accounts after three unsuccessful login attempts within a 15-minute timeframe:

- Log in to the IBM Aspera Shares web page as a user with administrative privilege.
- Select the "Admin" tab.
- Scroll down to the "Security" section.
- Select the "User Security" option.
- Verify the "Failed login count" is set to "3" or less.
- Verify the "Failed login interval" is set to "15" or less.

If the "Failed login count" is set to more than "3", this is a finding.

If the "Failed login interval" is set to more than "15" minutes, this is a finding.

Fix Text (F-56006r817969_fix)
Configure IBM Aspera Shares to lock accounts after three unsuccessful login attempts within a 15-minute timeframe:

- Log in to the IBM Aspera Shares web page as a user with administrative privilege.
- Select the "Admin" tab.
- Scroll down to the "Security" section.
- Select the "User Security" option.
- Edit the "Failed login count" option to "3" or less.
- Edit the "Failed login interval" option to "15" minutes or less.
- Select "Save" at the bottom of the page.
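
The following added example is not part of the STIG or of IBM's code. It models the policy the two settings express, so that lockouts observed after applying the fix can be compared with what three failures in 15 minutes should produce. The event format, the names, the sample data and the sliding-window semantics (inclusive boundary, no reset on successful login, no unlock handling) are assumptions; the page does not describe how Aspera Shares counts failures internally.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

MAX_FAILED = 3                   # "Failed login count" required by the STIG
WINDOW = timedelta(minutes=15)   # "Failed login interval" required by the STIG

# Constructed sample events: (ISO timestamp, user, outcome)
SAMPLE_EVENTS = [
    ("2024-01-01T09:00:00", "alice", "fail"),
    ("2024-01-01T09:05:00", "alice", "fail"),
    ("2024-01-01T09:10:00", "alice", "fail"),   # 3rd failure in 10 minutes
    ("2024-01-01T09:00:00", "bob", "fail"),
    ("2024-01-01T09:10:00", "bob", "fail"),
    ("2024-01-01T09:20:00", "bob", "fail"),     # 09:00 has aged out: only 2 in window
    ("2024-01-01T09:24:00", "bob", "fail"),     # 09:10, 09:20, 09:24 -> 3 in window
    ("2024-01-01T09:00:00", "carol", "fail"),
    ("2024-01-01T09:30:00", "carol", "fail"),
    ("2024-01-01T10:00:00", "carol", "fail"),   # spread out: never 3 in 15 minutes
    ("2024-01-01T09:00:00", "dave", "fail"),
    ("2024-01-01T09:01:00", "dave", "fail"),
    ("2024-01-01T09:02:00", "dave", "ok"),
]


def find_lockouts(events, max_failed=MAX_FAILED, window=WINDOW):
    """Return {user: datetime of the failure that should trigger the lock}.

    Assumed model: per-user sliding window over failed logins. Failures
    exactly `window` apart still count as inside the window. Successful
    logins do not clear the count, and events after a lock are ignored.
    """
    recent = defaultdict(deque)   # user -> failure times still inside the window
    locked = {}
    ordered = sorted(events, key=lambda e: datetime.fromisoformat(e[0]))
    for ts, user, outcome in ordered:
        if user in locked or outcome != "fail":
            continue
        when = datetime.fromisoformat(ts)
        failures = recent[user]
        failures.append(when)
        # Drop failures that fell out of the interval ending at this attempt.
        while when - failures[0] > window:
            failures.popleft()
        if len(failures) >= max_failed:
            locked[user] = when
    return locked
```

Calling `find_lockouts(SAMPLE_EVENTS, max_failed=5)` shows the effect of a non-compliant "Failed login count": none of the sample accounts would be locked.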