The IDPS must notify the user of the number of unsuccessful login attempts to the local device occurring during organizationally defined time period.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
SRG-NET-000051-IDPS-000066	SRG-NET-000051-IDPS-000066	SRG-NET-000051-IDPS-000066_rule		Low

Description
Providing users with information regarding the number of unsuccessful logon attempts to the local device that has occurred over an organizationally defined time period. Without this information, the user may not become aware that unauthorized activity has occurred.

STIG	Date
IDPS Security Requirements Guide (SRG)	2012-03-08

Details

Check Text ( C-43194_chk )
Have the administrator connect to the management console using the GUI. Note if the number of unsuccessful logon attempts occurring during organizationally defined time period. Have the administrator connect to the maintenance console using the SSH interface. Note if the number of unsuccessful logon attempts since the last successful logon is displayed. Repeat the above steps for each sensor. If number of unsuccessful logon attempts occurring during organizationally defined time period is not displayed, this is a finding.

Check Text ( C-43194_chk )

Have the administrator connect to the management console using the GUI.
Note if the number of unsuccessful logon attempts occurring during organizationally defined time period.
Have the administrator connect to the maintenance console using the SSH interface.
Note if the number of unsuccessful logon attempts since the last successful logon is displayed.
Repeat the above steps for each sensor.

If number of unsuccessful logon attempts occurring during organizationally defined time period is not displayed, this is a finding.

Fix Text (F-43194_fix)
Configure the IDPS management console GUI and SSH interface to display the number of unsuccessful logon attempts occurring during organizationally defined time period.