Changes are coming to https://stigviewer.com.
Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey
The system must disable accounts after three consecutive unsuccessful login attempts.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-766 | GEN000460 | SV-766r2_rule | ECLO-1 ECLO-2 | Medium |
| Description |
|---|
| Disabling accounts after a limited number of unsuccessful login attempts improves protection against password guessing attacks. |
| STIG | Date |
|---|---|
| UNIX SRG | 2013-03-26 |
Details
| Check Text ( C-27998r1_chk ) |
|---|
| Attempt to log on with a valid user id and incorrect password three times. If the system does not lock the account, requiring an SA to unlock it, this is a finding. |
| Fix Text (F-24355r1_fix) |
|---|
| Configure the system to lock accounts after three unsuccessful login attempts. |