The network device must enforce the organizationally defined maximum number of consecutive invalid login attempts.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| SRG-NET-000038-NDM-000025 | SRG-NET-000038-NDM-000025 | SRG-NET-000038-NDM-000025_rule | Medium |
| Description |
|---|
| The network device must limit the number of times an account may consecutively fail at login. By limiting the number of failed login attempts, the risk of unauthorized system access by password guessing (i.e., brute force attack) is reduced. |
| STIG | Date |
|---|---|
| Network Device Management Security Requirements Guide | 2013-07-30 |
Details
| Check Text ( C-SRG-NET-000038-NDM-000025_chk ) |
|---|
| Review the network device configuration for both the local and network connections to determine whether the setting for the maximum number of consecutive invalid login attempts is configured and enforced. If the network device is not configured to enforce the organizationally defined limit of consecutive invalid login attempts, this is a finding. |
| Fix Text (F-SRG-NET-000038-NDM-000025_fix) |
|---|
| Configure the network device to enforce the organizationally defined maximum number of consecutive invalid login attempts. |