2.8 - Account lockout policy should be enabled - Lockout Enabled

Warning! Audit Deprecated

This audit has been deprecated and will be removed in a future update.

Information

The account lockout feature should be enabled and the related parameters should be set in accordance with corporate security standards and guidelines.

Locking out accounts after a specified number of failed logon attempts decreases the risk that user accounts will be compromised through brute force attacks.

Solution

1. Log in to the Administration Console.
2. In the Change Center, click Lock & Edit.
3. In the left pane, select the Domain name.
4. Select Security Realms > Name of the active Security Realm.
5. Select Configuration > User Lockout.
6 a) To enable account lockout:
Check the box next to the 'Lockout Enabled' attribute, then click Save.
6 b) To set the Lockout Threshold:
Set 'Lockout Threshold' to [No. of attempts], then click Save.
6 c) To set the Lockout Duration:
Set 'Lockout Duration' to [Duration in minutes], then click Save.
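
To confirm the three settings from steps 6 a) to 6 c) after the change, the saved domain configuration can be checked offline. The script below is an added example, not part of the original audit or the vendor's check logic. It assumes the settings are persisted as XML elements named lockout-enabled, lockout-threshold and lockout-duration under a user-lockout-manager element in each realm; the sample file, its namespace, and the limits 5 and 30 (standing in for [No. of attempts] and [Duration in minutes]) are constructed.

```python
import xml.etree.ElementTree as ET
# Constructed sample; element names and namespace are assumptions, not from the page.
SAMPLE = """<domain xmlns:sec="urn:example:security">
 <security-configuration><realm>
  <sec:name>myrealm</sec:name>
  <sec:user-lockout-manager>
   <sec:lockout-enabled>false</sec:lockout-enabled>
   <sec:lockout-threshold>50</sec:lockout-threshold>
  </sec:user-lockout-manager>
 </realm></security-configuration>
</domain>"""

SETTINGS = ("lockout-enabled", "lockout-threshold", "lockout-duration")
def local(tag):
    """Strip the '{namespace}' prefix ElementTree puts on tag names."""
    return tag.rsplit("}", 1)[-1]

def read_lockout(xml_text):
    """Return {realm name: {setting: value}} for every realm in the file."""
    realms = {}
    for realm in ET.fromstring(xml_text).iter():
        if local(realm.tag) != "realm":
            continue
        name = next((c.text for c in realm if local(c.tag) == "name"), "(unnamed)")
        realms[name] = {local(s.tag): (s.text or "").strip()
                        for m in realm if local(m.tag) == "user-lockout-manager"
                        for s in m}
    return realms

def audit(xml_text, max_threshold, min_duration):
    """Return (realm, setting, verdict) tuples; limits come from the corporate standard."""
    out = []
    for realm, cfg in read_lockout(xml_text).items():
        for key in SETTINGS:
            val = cfg.get(key)
            if val is None:
                verdict = "REVIEW: not set in file, confirm effective value"
            elif key == "lockout-enabled":
                verdict = "PASS" if val.lower() == "true" else "FAIL: lockout disabled"
            elif not val.isdigit():
                verdict = "FAIL: not a number"
            elif key == "lockout-threshold":
                ok = 1 <= int(val) <= max_threshold
                verdict = "PASS" if ok else f"FAIL: {val} attempts, limit {max_threshold}"
            else:
                ok = int(val) >= min_duration
                verdict = "PASS" if ok else f"FAIL: {val} min, minimum {min_duration}"
            out.append((realm, key, verdict))
    return out
```

A REVIEW verdict means the file is silent on that setting, so the effective value has to be read from the User Lockout page reached in step 5.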

Item Details

Category: ACCESS CONTROL

References: 800-53|AC-7

Plugin: Unix

Control ID: 7561ee2646459cbf2f5ed4e04649c7014a7d793db15e58a04eac81b96627fcd0