UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The operating system must enforce the organization defined time period during which the limit of consecutive invalid access attempts by a user is counted.


Overview

Finding ID Version Rule ID IA Controls Severity
V-33260 SRG-OS-000249-NA SV-43679r1_rule Medium
Description
By limiting the number of failed login attempts, the risk of unauthorized system access via user password guessing, otherwise known as brute forcing, is reduced. Limits are imposed by locking the account. Rationale for non-applicability: Mobile devices are more likely to be lost or stolen, and therefore more likely to be subjected to a slow password attack. Therefore, users will not be permitted to engage in further attempts after a defined time period. Per CCI 1383, if the user cannot successfully authenticate within an organization defined number of attempts, the mobile device is wiped regardless of the time period. In effect, the required time period is infinite.
STIG Date
Mobile Operating System Security Requirements Guide 2012-10-01

Details

Check Text ( C-41557r1_chk )
This requirement is NA for the Mobile OS SRG.
Fix Text (F-37190r1_fix)
The requirement is NA. No fix is required.