Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-1098 | 4.003 | SV-29639r1_rule | ECLO-1 ECLO-2 | Medium |
Description |
---|
This parameter specifies the amount of time that must pass between two successive login attempts to ensure that a lockout will occur. The smaller this value is, the less effective the account lockout feature will be in protecting the local system. |
STIG | Date |
---|---|
Windows 2008 Domain Controller Security Technical Implementation Guide | 2013-07-03 |
Check Text ( C-3203r1_chk ) |
---|
Analyze the system using the Security Configuration and Analysis snap-in. Expand the Security Configuration and Analysis tree view. Navigate to Account Policies -> Account Lockout Policy. If the “Reset account lockout counter after” value is less than 60 minutes, then this is a finding. |
Fix Text (F-6570r1_fix) |
---|
Configure the system to have the lockout counter reset itself after a minimum of 60 minutes. |