The network device must enforce the organizationally defined time period over which the number of invalid login attempts are counted.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| SRG-NET-000039-NDM-000026 | SRG-NET-000039-NDM-000026 | SRG-NET-000039-NDM-000026_rule | Medium |
| Description |
|---|
| To reduce the risk of successful malicious login attempts, the network device must define the time period over which the number of failed login attempts is counted before enforcement action is taken. |
| STIG | Date |
|---|---|
| Network Device Management Security Requirements Guide | 2013-07-30 |
Details
| Check Text ( C-SRG-NET-000039-NDM-000026_chk ) |
|---|
| Review the network device configuration for both the local and network connections to determine whether the setting for the time period the number of invalid login attempts is counted is configured and enforced. If the network device is not configured to enforce the organizationally defined limit of consecutive invalid login attempts, this is a finding. |
| Fix Text (F-SRG-NET-000039-NDM-000026_fix) |
|---|
| Configure the network device to enforce the organizationally defined time period over which the number of invalid login attempts is counted. |