Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-33235 | SRG-OS-000227-MOS-000116 | SV-43653r1_rule | | Medium |
Description |
---|
The recommended setting for the maximum number of consecutive unsuccessful unlock attempts is 10. In some environments, a lower number may be needed to provide greater protection of sensitive information. Allowing for configuration enables the local command to enforce greater protection when it is deemed necessary. If the limit is not configurable, then it is permissible for a site to procure and deploy devices that enforce the limit specified by the organization, so long as that limit does not exceed 10. |
STIG | Date |
---|---|
Mobile Operating System Security Requirements Guide | 2013-07-03 |
Check Text (C-41531r1_chk) |
---|
Review system documentation and operating system configuration to determine if the maximum number of consecutive unsuccessful unlock attempts is configurable within a range from 3 to 10. If this operating system parameter is not configurable, check that the operating system nonetheless supports the limit specified by the organization, which is an acceptable alternative. If the limit is not configurable and is not compliant with the organization-defined limit, or the limit exceeds 10, this is a finding. |
Fix Text (F-37165r1_fix) |
---|
Configure the mobile operating system maximum number of consecutive unsuccessful unlock attempts to be between 5 and 10. |