UCF STIG Viewer Logo

Password/passcode maximum failed attempts must be set to the required value.


Finding ID Version Rule ID IA Controls Severity
V-25011 WIR-MOS-PDA-017 SV-31264r1_rule IAIA-1 Medium
A hacker with unlimited attempts can determine the passcode of a smartphone within a few minutes using password hacking tools, which could lead to unauthorized access to the PDA/smartphone and disclosure of sensitive DoD data.
PDA Security Technical Implementation Guide (STIG) 2014-03-18


Check Text ( C-31672r1_chk )
Check a sample (3-4 devices) of site PDAs and verify the PDA has been configured to wipe after 10 (or less) incorrect passwords have been entered.
Fix Text (F-27662r2_fix)
Set password/passcode maximum failed attempts to 10 or less.