Changes are coming to https://stigviewer.com.
Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey
Password/passcode maximum failed attempts must be set to the required value.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-25011 | WIR-MOS-PDA-017 | SV-31264r3_rule | ECWN-1 IAIA-1 | Medium |
| Description |
|---|
| A hacker with unlimited attempts can determine the passcode of a smartphone within a few minutes using password hacking tools, which could lead to unauthorized access to the PDA/smartphone and disclosure of sensitive DoD data. |
| STIG | Date |
|---|---|
| PDA/Smartphone Security Technical Implementation Guide | 2011-10-07 |
Details
| Check Text ( C-31672r1_chk ) |
|---|
| Check a sample (3-4 devices) of site PDAs and verify the PDA has been configured to wipe after 10 (or less) incorrect passwords have been entered. |
| Fix Text (F-27662r2_fix) |
|---|
| Set password/passcode maximum failed attempts to required value. |