Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-234316 | SRG-APP-000076-UEM-000042 | SV-234316r879552_rule | Medium |
Description |
---|
Users need to be aware of activity that occurs regarding their application account. Providing users with information regarding the number of unsuccessful attempts made to log in to their account allows the user to determine if any unauthorized activity has occurred and gives them an opportunity to notify administrators. This requirement is intended to cover both traditional logons to information systems and general accesses to information systems that occur in other types of architectural configurations (e.g., service-oriented architectures). |
STIG | Date |
---|---|
Unified Endpoint Management Server Security Requirements Guide | 2023-02-13 |
Check Text ( C-37501r613958_chk ) |
---|
Verify the UEM server notifies the user, upon successful logon (access), of the number of unsuccessful logon (access) attempts since the last successful logon (access). If the UEM server does not notify the user, upon successful logon (access), of the number of unsuccessful logon (access) attempts since the last successful logon (access), this is a finding. |
Fix Text (F-37466r613959_fix) |
---|
Configure the UEM server to notify the user, upon successful logon (access), of the number of unsuccessful logon (access) attempts since the last successful logon (access). |