| 1.50 WN22-AC-000030 | CIS Microsoft Windows Server 2022 STIG v3.0.0 MS CAT II | Windows | ACCESS CONTROL |
| 1.285 RHEL-09-411105 | CIS Red Hat Enterprise Linux 9 STIG v1.0.0 CAT II | Unix | ACCESS CONTROL |
| 1.290 RHEL-09-412045 | CIS Red Hat Enterprise Linux 9 STIG v1.0.0 CAT II | Unix | ACCESS CONTROL |
| 1.316 RHEL-09-611035 | CIS Red Hat Enterprise Linux 9 STIG v1.0.0 CAT II | Unix | ACCESS CONTROL |
| AIOS-01-080005 - Apple iOS must not allow more than 10 consecutive failed authentication attempts. | MobileIron - DISA Apple iOS 10 v1r3 | MDM | ACCESS CONTROL |
| AIOS-17-006900 - Apple iOS/iPadOS 17 must be configured to not allow more than 10 consecutive failed authentication attempts. | MobileIron - DISA Apple iOS/iPadOS 17 v2r2 | MDM | ACCESS CONTROL |
| AIOS-18-006900 - Apple iOS/iPadOS 18 must be configured to not allow more than 10 consecutive failed authentication attempts. | MobileIron - DISA Apple iOS/iPadOS 18 v2r2 | MDM | ACCESS CONTROL |
| ALMA-09-007500 - AlmaLinux OS 9 must automatically lock an account when three unsuccessful logon attempts occur. | DISA Cloud Linux AlmaLinux OS 9 STIG v1r6 | Unix | ACCESS CONTROL |
| ALMA-09-007610 - AlmaLinux OS 9 must automatically lock the root account until the root account is released by an administrator when three unsuccessful logon attempts occur during a 15-minute time period. | DISA Cloud Linux AlmaLinux OS 9 STIG v1r6 | Unix | ACCESS CONTROL |
| ALMA-09-007720 - AlmaLinux OS 9 must automatically lock an account when three unsuccessful logon attempts occur during a 15-minute time period. | DISA Cloud Linux AlmaLinux OS 9 STIG v1r6 | Unix | ACCESS CONTROL |
| ALMA-09-007940 - AlmaLinux OS 9 must configure the use of the pam_faillock.so module in the /etc/pam.d/password-auth file. | DISA Cloud Linux AlmaLinux OS 9 STIG v1r6 | Unix | ACCESS CONTROL |
| F5BI-DM-300013 - The F5 BIG-IP appliance must be configured to enforce the limit of three consecutive invalid logon attempts, after which time it must block any login attempt for at least 15 minutes. | DISA F5 BIG-IP TMOS NDM STIG v1r2 | F5 | ACCESS CONTROL |
| GOOG-11-000500 - Google Android 11 must be configured to not allow more than ten consecutive failed authentication attempts. | AirWatch - DISA Google Android 11 COBO v2r1 | MDM | ACCESS CONTROL |
| GOOG-11-000500 - Google Android 11 must be configured to not allow more than ten consecutive failed authentication attempts. | MobileIron - DISA Google Android 11 COBO v2r1 | MDM | ACCESS CONTROL |
| GOOG-12-006400 - Google Android 12 must be configured to not allow more than 10 consecutive failed authentication attempts. | AirWatch - DISA Google Android 12 COPE v1r2 | MDM | ACCESS CONTROL |
| GOOG-13-006400 - Google Android 13 must be configured to not allow more than 10 consecutive failed authentication attempts. | AirWatch - DISA Google Android 13 COPE STIG v2r3 | MDM | ACCESS CONTROL |
| GOOG-16-006400 - Google Android 16 must be configured to not allow more than 10 consecutive failed authentication attempts. | AirWatch - DISA Google Android 16 COBO STIG v1r1 | MDM | ACCESS CONTROL |
| HONW-09-000500 - The Honeywell Mobility Edge Android Pie device must be configured to not allow more than 10 consecutive failed authentication attempts. | MobileIron - DISA Honeywell Android 9.x COBO v1r2 | MDM | ACCESS CONTROL |
| HONW-13-006400 - Honeywell Android 13 must be configured to not allow more than 10 consecutive failed authentication attempts. | AirWatch - DISA Honeywell Android 13 COBO STIG v1r1 | MDM | ACCESS CONTROL |
| JUEX-NM-000080 - The Juniper EX switch must be configured to enforce the limit of three consecutive invalid logon attempts for any given user, after which time it must block any login attempt for that user for 15 minutes. | DISA Juniper EX Series Network Device Management v2r4 | Juniper | ACCESS CONTROL |
| MOTS-11-000500 - Motorola Solutions Android 11 must be configured to not allow more than ten consecutive failed authentication attempts. | AirWatch - DISA Motorola Solutions Android 11 COBO v1r3 | MDM | ACCESS CONTROL |
| MSFT-11-000500 - Microsoft Android 11 must be configured to not allow more than 10 consecutive failed authentication attempts. | MobileIron - DISA Microsoft Android 11 COBO v1r2 | MDM | ACCESS CONTROL |
| MSFT-11-000500 - Microsoft Android 11 must be configured to not allow more than 10 consecutive failed authentication attempts. | AirWatch - DISA Microsoft Android 11 COPE v1r2 | MDM | ACCESS CONTROL |
| OL09-00-003010 - OL 9 must configure SELinux context type to allow the use of a nondefault faillock tally directory. | DISA Oracle Linux 9 STIG v1r5 | Unix | ACCESS CONTROL |
| OL09-00-003011 - OL 9 must configure the use of the pam_faillock.so module in the /etc/pam.d/system-auth file. | DISA Oracle Linux 9 STIG v1r5 | Unix | ACCESS CONTROL |
| OL09-00-003022 - OL 9 must log username information when unsuccessful logon attempts occur. | DISA Oracle Linux 9 STIG v1r5 | Unix | ACCESS CONTROL |
| OL09-00-003023 - OL 9 must ensure account lockouts persist. | DISA Oracle Linux 9 STIG v1r5 | Unix | ACCESS CONTROL |
| PHTN-40-000004 - The Photon operating system must enforce the limit of three consecutive invalid logon attempts by a user during a 15-minute time period. | DISA VMware vSphere 8.0 vCenter Appliance Photon OS 4.0 STIG v2r1 | Unix | ACCESS CONTROL |
| PHTN-40-000194 - The Photon operating system must audit logon attempts for unknown users. | DISA VMware vSphere 8.0 vCenter Appliance Photon OS 4.0 STIG v2r1 | Unix | ACCESS CONTROL |
| PHTN-40-000195 - The Photon operating system must include root when automatically locking an account until the locked account is released by an administrator when three unsuccessful logon attempts occur during a 15-minute time period. | DISA VMware vSphere 8.0 vCenter Appliance Photon OS 4.0 STIG v2r1 | Unix | ACCESS CONTROL |
| RHEL-08-020014 - RHEL 8 must automatically lock an account until the locked account is released by an administrator when three unsuccessful logon attempts occur during a 15-minute time period. | DISA Red Hat Enterprise Linux 8 STIG v2r7 | Unix | ACCESS CONTROL |
| RHEL-08-020015 - RHEL 8 must automatically lock an account until the locked account is released by an administrator when three unsuccessful logon attempts occur during a 15-minute time period. | DISA Red Hat Enterprise Linux 8 STIG v2r7 | Unix | ACCESS CONTROL |
| RHEL-08-020016 - RHEL 8 must ensure account lockouts persist. | DISA Red Hat Enterprise Linux 8 STIG v2r7 | Unix | ACCESS CONTROL |
| RHEL-08-020017 - RHEL 8 must ensure account lockouts persist. | DISA Red Hat Enterprise Linux 8 STIG v2r7 | Unix | ACCESS CONTROL |
| RHEL-08-020018 - RHEL 8 must prevent system messages from being presented when three unsuccessful logon attempts occur. | DISA Red Hat Enterprise Linux 8 STIG v2r7 | Unix | ACCESS CONTROL |
| RHEL-08-020019 - RHEL 8 must prevent system messages from being presented when three unsuccessful logon attempts occur. | DISA Red Hat Enterprise Linux 8 STIG v2r7 | Unix | ACCESS CONTROL |
| RHEL-08-020023 - RHEL 8 must include root when automatically locking an account until the locked account is released by an administrator when three unsuccessful logon attempts occur during a 15-minute time period. | DISA Red Hat Enterprise Linux 8 STIG v2r7 | Unix | ACCESS CONTROL |
| RHEL-08-020026 - RHEL 8 must configure the use of the pam_faillock.so module in the /etc/pam.d/password-auth file. | DISA Red Hat Enterprise Linux 8 STIG v2r7 | Unix | ACCESS CONTROL |
| RHEL-09-412045 - RHEL 9 must log username information when unsuccessful logon attempts occur. | DISA Red Hat Enterprise Linux 9 STIG v2r8 | Unix | ACCESS CONTROL |
| RHEL-09-431020 - RHEL 9 must configure SELinux context type to allow the use of a nondefault faillock tally directory. | DISA Red Hat Enterprise Linux 9 STIG v2r8 | Unix | ACCESS CONTROL |
| RHEL-10-500020 - RHEL 10 must log username information when unsuccessful login attempts occur. | DISA Red Hat Enterprise Linux 10 STIG v1r1 | Unix | ACCESS CONTROL |
| RHEL-10-600610 - RHEL 10 must configure the use of the pam_faillock.so module in the "/etc/pam.d/password-auth" file. | DISA Red Hat Enterprise Linux 10 STIG v1r1 | Unix | ACCESS CONTROL |
| SHPT-00-000210 - Timer job retries for automatic password change on Managed Accounts must meet DoD password retry policy. | DISA STIG SharePoint 2010 v1r9 | Windows | ACCESS CONTROL |
| SPLK-CL-000060 - Splunk Enterprise must enforce the limit of three consecutive invalid logon attempts by a user during a 15-minute time period. | DISA STIG Splunk Enterprise 8.x for Linux v2r3 STIG OS | Unix | ACCESS CONTROL |
| WN11-AC-000010 - The number of allowed bad logon attempts must be configured to three or less. | DISA Microsoft Windows 11 STIG v2r7 | Windows | ACCESS CONTROL |
| WN11-AC-000015 - The period of time before the bad logon counter is reset must be configured to 15 minutes. | DISA Microsoft Windows 11 STIG v2r7 | Windows | ACCESS CONTROL |
| WN22-AC-000020 - Windows Server 2022 must have the number of allowed bad logon attempts configured to three or less. | DISA Microsoft Windows Server 2022 STIG v2r8 | Windows | ACCESS CONTROL |
| ZEBR-10-000500 - Zebra Android 10 must be configured to not allow more than 10 consecutive failed authentication attempts. | MobileIron - DISA Zebra Android 10 COBO v1r2 | MDM | ACCESS CONTROL |
| ZEBR-10-000500 - Zebra Android 10 must be configured to not allow more than 10 consecutive failed authentication attempts. | AirWatch - DISA Zebra Android 10 COPE v1r2 | MDM | ACCESS CONTROL |
| ZEBR-11-000500 - Zebra Android 11 must be configured to not allow more than 10 consecutive failed authentication attempts. | AirWatch - DISA Zebra Android 11 COBO STIG v1r4 | MDM | ACCESS CONTROL |
