| 5.4.12 Ensure accounts lock for a minimum of 15 minutes after three unsuccessful logon attempts within a 15-minute timeframe - password-auth deny | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG | Unix | ACCESS CONTROL |
| 5.4.12 Ensure accounts lock for a minimum of 15 minutes after three unsuccessful logon attempts within a 15-minute timeframe - password-auth even_deny_root | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG | Unix | ACCESS CONTROL |
| 5.4.12 Ensure accounts lock for a minimum of 15 minutes after three unsuccessful logon attempts within a 15-minute timeframe - password-auth fail_interval | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG | Unix | ACCESS CONTROL |
| 5.4.12 Ensure accounts lock for a minimum of 15 minutes after three unsuccessful logon attempts within a 15-minute timeframe - password-auth unlock_time | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG | Unix | ACCESS CONTROL |
| 5.4.12 Ensure accounts lock for a minimum of 15 minutes after three unsuccessful logon attempts within a 15-minute timeframe - system-auth deny | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG | Unix | ACCESS CONTROL |
| 5.4.12 Ensure accounts lock for a minimum of 15 minutes after three unsuccessful logon attempts within a 15-minute timeframe - system-auth even_deny_root | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG | Unix | ACCESS CONTROL |
| 5.4.12 Ensure accounts lock for a minimum of 15 minutes after three unsuccessful logon attempts within a 15-minute timeframe - system-auth fail_interval | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG | Unix | ACCESS CONTROL |
| 5.4.12 Ensure accounts lock for a minimum of 15 minutes after three unsuccessful logon attempts within a 15-minute timeframe - system-auth unlock_time | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG | Unix | ACCESS CONTROL |
| AIX7-00-001003 - AIX must enforce the limit of three consecutive invalid login attempts by a user before the user account is locked and released by an administrator. | DISA STIG AIX 7.x v3r1 | Unix | ACCESS CONTROL |
| AOSX-13-001324 - The macOS system must enforce an account lockout time period of 15 minutes in which a user makes three consecutive invalid logon attempts. | DISA STIG Apple Mac OSX 10.13 v2r5 | Unix | ACCESS CONTROL |
| AOSX-14-000021 - The macOS system must enforce an account lockout time period of 15 minutes in which a user makes three consecutive invalid logon attempts. | DISA STIG Apple Mac OSX 10.14 v2r6 | Unix | ACCESS CONTROL |
| AOSX-15-000021 - The macOS system must enforce an account lockout time period of 15 minutes in which a user makes three consecutive invalid logon attempts. | DISA STIG Apple Mac OSX 10.15 v1r10 | Unix | ACCESS CONTROL |
| Catalina - Limit Consecutive Failed Login Attempts to Three | NIST macOS Catalina v1.5.0 - 800-171 | Unix | ACCESS CONTROL |
| Catalina - Limit Consecutive Failed Login Attempts to Three | NIST macOS Catalina v1.5.0 - 800-53r4 High | Unix | ACCESS CONTROL |
| Catalina - Limit Consecutive Failed Login Attempts to Three | NIST macOS Catalina v1.5.0 - 800-53r4 Low | Unix | ACCESS CONTROL |
| Catalina - Limit Consecutive Failed Login Attempts to Three | NIST macOS Catalina v1.5.0 - CNSSI 1253 | Unix | ACCESS CONTROL |
| Catalina - Limit Consecutive Failed Login Attempts to Three | NIST macOS Catalina v1.5.0 - 800-53r5 Low | Unix | ACCESS CONTROL |
| Catalina - Limit Consecutive Failed Login Attempts to Three | NIST macOS Catalina v1.5.0 - 800-53r5 High | Unix | ACCESS CONTROL |
| Catalina - Limit Consecutive Failed Login Attempts to Three | NIST macOS Catalina v1.5.0 - 800-53r5 Moderate | Unix | ACCESS CONTROL |
| Catalina - Limit Consecutive Failed Login Attempts to Three | NIST macOS Catalina v1.5.0 - All Profiles | Unix | ACCESS CONTROL |
| Catalina - Limit Consecutive Failed Login Attempts to Three | NIST macOS Catalina v1.5.0 - 800-53r4 Moderate | Unix | ACCESS CONTROL |
| F5BI-DM-000185 - The BIG-IP appliance must be configured to automatically lock the account until the locked account is released by an administrator when three unsuccessful logon attempts in 15 minutes are exceeded. | DISA F5 BIG-IP Device Management STIG v2r3 | F5 | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| OL07-00-010320 - The Oracle Linux operating system must be configured to lock accounts for a minimum of 15 minutes after three unsuccessful logon attempts within a 15-minute timeframe. | DISA Oracle Linux 7 STIG v3r1 | Unix | ACCESS CONTROL |
| OL07-00-010330 - The Oracle Linux operating system must lock the associated account after three unsuccessful root logon attempts are made within a 15-minute period. | DISA Oracle Linux 7 STIG v3r1 | Unix | ACCESS CONTROL |
| PANW-NM-000092 - The Palo Alto Networks security platform must automatically lock the account until the locked account is released by an administrator when three unsuccessful logon attempts in 15 minutes are exceeded. | DISA STIG Palo Alto NDM v3r2 | Palo_Alto | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| RHEL-06-000356 - The system must require administrator action to unlock an account locked by excessive failed login attempts - 'password-auth auth required' | DISA Red Hat Enterprise Linux 6 STIG v2r2 | Unix | ACCESS CONTROL |
| RHEL-06-000357 - The system must disable accounts after excessive login failures within a 15-minute interval - password-auth account required | DISA Red Hat Enterprise Linux 6 STIG v2r2 | Unix | ACCESS CONTROL |
| RHEL-06-000357 - The system must disable accounts after excessive login failures within a 15-minute interval - sys-auth auth [default=die] | DISA Red Hat Enterprise Linux 6 STIG v2r2 | Unix | ACCESS CONTROL |
| RHEL-06-000357 - The system must disable accounts after excessive login failures within a 15-minute interval - system-auth account required | DISA Red Hat Enterprise Linux 6 STIG v2r2 | Unix | ACCESS CONTROL |
| RHEL-07-010320 - The Red Hat Enterprise Linux operating system must be configured to lock accounts for a minimum of 15 minutes after three unsuccessful logon attempts within a 15-minute timeframe. | DISA Red Hat Enterprise Linux 7 STIG v3r15 | Unix | ACCESS CONTROL |
| UBTU-16-010290 - The Ubuntu operating system must automatically lock an account until the locked account is released by an administrator when three unsuccessful logon attempts. | DISA STIG Ubuntu 16.04 LTS v2r3 | Unix | ACCESS CONTROL |
| UBTU-18-010033 - The Ubuntu operating system must be configured so that three consecutive invalid logon attempts by a user automatically locks the account until released by an administrator. | DISA STIG Ubuntu 18.04 LTS v2r15 | Unix | ACCESS CONTROL |
| WN10-AC-000015 - The period of time before the bad logon counter is reset must be configured to 15 minutes. | DISA Windows 10 STIG v3r2 | Windows | ACCESS CONTROL |
| WN12-AC-000001 - Windows 2012 account lockout duration must be configured to 15 minutes or greater. | DISA Windows Server 2012 and 2012 R2 DC STIG v3r7 | Windows | ACCESS CONTROL |
| WN12-AC-000001 - Windows 2012 account lockout duration must be configured to 15 minutes or greater. | DISA Windows Server 2012 and 2012 R2 MS STIG v3r7 | Windows | ACCESS CONTROL |
| WN12-AC-000003 - The reset period for the account lockout counter must be configured to 15 minutes or greater on Windows 2012. | DISA Windows Server 2012 and 2012 R2 MS STIG v3r7 | Windows | ACCESS CONTROL |
| WN12-AC-000003 - The reset period for the account lockout counter must be configured to 15 minutes or greater on Windows 2012. | DISA Windows Server 2012 and 2012 R2 DC STIG v3r7 | Windows | ACCESS CONTROL |
| WN16-AC-000010 - Windows 2016 account lockout duration must be configured to 15 minutes or greater. | DISA Windows Server 2016 STIG v2r9 | Windows | ACCESS CONTROL |
| WN16-AC-000030 - Windows Server 2016 must have the period of time before the bad logon counter is reset configured to 15 minutes or greater. | DISA Windows Server 2016 STIG v2r9 | Windows | ACCESS CONTROL |
| WN19-AC-000010 - Windows Server 2019 account lockout duration must be configured to 15 minutes or greater. | DISA Windows Server 2019 STIG v3r2 | Windows | ACCESS CONTROL |
| WN19-AC-000030 - Windows Server 2019 must have the period of time before the bad logon counter is reset configured to 15 minutes or greater. | DISA Windows Server 2019 STIG v3r2 | Windows | ACCESS CONTROL |
