The operating system must notify the user of the number of unsuccessful login/access attempts that occur during organization defined time period.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-33245	SRG-OS-000234-NA	SV-43663r1_rule		Medium

Description
Users need to be aware of activity that occurs regarding their account. Providing users with information regarding the number of unsuccessful attempts made to login to their account allows the user to determine if any unauthorized activity has occurred and gives them an opportunity to notify administrators. Rationale for non-applicability: This control is better addressed by CCI-000053, which also covers notification to users of unsuccessful logon attempts. CCI-001392 incorporates the notion of a time period that is not utilized in mobile OS.

Description

Users need to be aware of activity that occurs regarding their account. Providing users with information regarding the number of unsuccessful attempts made to login to their account allows the user to determine if any unauthorized activity has occurred and gives them an opportunity to notify administrators. Rationale for non-applicability: This control is better addressed by CCI-000053, which also covers notification to users of unsuccessful logon attempts. CCI-001392 incorporates the notion of a time period that is not utilized in mobile OS.

STIG	Date
Mobile Operating System Security Requirements Guide	2013-07-03

Details

Check Text ( C-41541r1_chk )
This requirement is NA for the Mobile OS SRG.

Fix Text (F-37175r1_fix)
The requirement is NA. No fix is required.