UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The IDPS must automatically lock out an account after the maximum number of unsuccessful login attempts are exceeded and remain locked until released by an administrator.


Overview

Finding ID Version Rule ID IA Controls Severity
SRG-NET-000040-IDPS-000059 SRG-NET-000040-IDPS-000059 SRG-NET-000040-IDPS-000059_rule Medium
Description
Locking out an account after a maximum number of unsuccessful login attempts are exceeded will reduce the risk of unauthorized system access via password guessing.
STIG Date
IDPS Security Requirements Guide (SRG) 2012-03-08

Details

Check Text ( C-43187_chk )
Verify the setting for account lockout time release is set so the lockout remain in place until a system administrator takes action to unlock the account.

If the account lockout time is not set to release only when the system administrator takes action to unlock the account, this is a finding.
Fix Text (F-43187_fix)
Enable the setting or lockout time for administrator accounts used for accessing IDPS. Configure the account lockout to release only when the administrator takes action to unlock the account.