5.2.1 Configure account lockout threshold

Information

The account lockout feature mitigates brute-force password attacks on the system.

Solution

Perform the following to implement the prescribed state for all pwpolicy controls
1. Run the following command in Terminal:
pwpolicy -setaccountpolicies
Examples in pwpolicy man page and in the back of the Benchmark

See Also

https://workbench.cisecurity.org/files/301

Item Details

Category: ACCESS CONTROL

References: 800-53|AC-7a., CSCv6|16.7

Plugin: Unix

Control ID: 8dc70b962417ddc3f010609605c7e2237c332bbfbe04794aace686d3001f8313