UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

Time before bad-logon counter is reset does not meet minimum requirements.


Overview

Finding ID Version Rule ID IA Controls Severity
V-1098 4.003 SV-25016r1_rule ECLO-1 ECLO-2 Medium
Description
This parameter specifies the amount of time that must pass between two successive login attempts to ensure that a lockout will occur. The smaller this value is, the less effective the account lockout feature will be in protecting the local system.
STIG Date
Windows 7 Security Technical Implementation Guide 2014-06-27

Details

Check Text ( C-3203r1_chk )
Analyze the system using the Security Configuration and Analysis snap-in.
Expand the Security Configuration and Analysis tree view.
Navigate to Account Policies -> Account Lockout Policy.

If the “Reset account lockout counter after” value is less than 60 minutes, then this is a finding.
Fix Text (F-6570r1_fix)
Configure the system to have the lockout counter reset itself after a minimum of 60 minutes.