The network element must automatically lock out an account after the maximum number of unsuccessful attempts is exceeded and remain locked until released by an administrator.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-26800 | SRG-NET-000040 | SV-34050r1_rule | Medium |
| Description |
|---|
| A malicious or unauthorized user could gain access to a network element by guessing or using methods such as dictionary attack, word list substitution, or brute force attack—all of which require multiple attempts. Locking out an account after a maximum number of unsuccessful attempts are exceeded will reduce the risk of unauthorized system access via password guessing. |
| STIG | Date |
|---|---|
| Network Security Requirements Guide | 2011-12-28 |
Details
| Check Text ( None ) |
|---|
| None |
| Fix Text (None) |
|---|
| None |