CCI|CCI-000044

Title

Enforce the organization-defined limit of consecutive invalid logon attempts by a user during the organization-defined time period.

Reference Item Details

Category: 2024

Audit Items

View all Reference Audit Items

NamePluginAudit Name
4.002 - Number of allowed bad-logon attempts does not meet minimum requirements.WindowsDISA Windows Vista STIG v6r41
4.003 - Time before bad-logon counter is reset does not meet minimum requirements.WindowsDISA Windows Vista STIG v6r41
5.4.12 Ensure accounts lock for a minimum of 15 minutes after three unsuccessful logon attempts within a 15-minute timeframe - password-auth denyUnixCIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
5.4.12 Ensure accounts lock for a minimum of 15 minutes after three unsuccessful logon attempts within a 15-minute timeframe - password-auth even_deny_rootUnixCIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
5.4.12 Ensure accounts lock for a minimum of 15 minutes after three unsuccessful logon attempts within a 15-minute timeframe - password-auth fail_intervalUnixCIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
5.4.12 Ensure accounts lock for a minimum of 15 minutes after three unsuccessful logon attempts within a 15-minute timeframe - password-auth unlock_timeUnixCIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
5.4.12 Ensure accounts lock for a minimum of 15 minutes after three unsuccessful logon attempts within a 15-minute timeframe - system-auth denyUnixCIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
5.4.12 Ensure accounts lock for a minimum of 15 minutes after three unsuccessful logon attempts within a 15-minute timeframe - system-auth even_deny_rootUnixCIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
5.4.12 Ensure accounts lock for a minimum of 15 minutes after three unsuccessful logon attempts within a 15-minute timeframe - system-auth fail_intervalUnixCIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
5.4.12 Ensure accounts lock for a minimum of 15 minutes after three unsuccessful logon attempts within a 15-minute timeframe - system-auth unlock_timeUnixCIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
AIOS-01-080005 - Apple iOS must not allow more than 10 consecutive failed authentication attempts.MDMMobileIron - DISA Apple iOS 10 v1r3
AIOS-01-080005 - Apple iOS must not allow more than 10 consecutive failed authentication attempts.MDMAirWatch - DISA Apple iOS 10 v1r3
AIOS-12-000400 - Apple iOS must be configured to not allow more than 10 consecutive failed authentication attempts.MDMAirWatch - DISA Apple iOS 12 v2r1
AIOS-12-000400 - Apple iOS must be configured to not allow more than 10 consecutive failed authentication attempts.MDMMobileIron - DISA Apple iOS 12 v2r1
AIOS-13-000400 - Apple iOS/iPadOS must be configured to not allow more than 10 consecutive failed authentication attempts.MDMAirWatch - DISA Apple iOS/iPadOS 13 v2r1
AIOS-13-000400 - Apple iOS/iPadOS must be configured to not allow more than 10 consecutive failed authentication attempts.MDMMobileIron - DISA Apple iOS/iPadOS 13 v2r1
AIOS-14-000400 - The mobile operating system must be configured to not allow more than ten consecutive failed authentication attempts.MDMAirWatch - DISA Apple iOS/iPadOS 14 v1r3
AIOS-14-000400 - The mobile operating system must be configured to not allow more than ten consecutive failed authentication attempts.MDMMobileIron - DISA Apple iOS/iPadOS 14 v1r3
AIOS-15-006900 - Apple iOS/iPadOS 15 must be configured to not allow more than 10 consecutive failed authentication attempts.MDMMobileIron - DISA Apple iOS/iPadOS 14 v1r4
AIOS-15-006900 - Apple iOS/iPadOS 15 must be configured to not allow more than 10 consecutive failed authentication attempts.MDMAirWatch - DISA Apple iOS/iPadOS 14 v1r4
AIOS-16-006900 - Apple iOS/iPadOS 16 must be configured to not allow more than 10 consecutive failed authentication attempts.MDMAirWatch - DISA Apple iOS/iPadOS 16 v2r1
AIOS-16-006900 - Apple iOS/iPadOS 16 must be configured to not allow more than 10 consecutive failed authentication attempts.MDMMobileIron - DISA Apple iOS/iPadOS 16 v2r1
AIOS-16-706900 - Apple iOS/iPadOS 16 must be configured to not allow more than 10 consecutive failed authentication attempts.MDMMobileIron - DISA Apple iOS/iPadOS BYOAD 16 v1r1
AIOS-16-706900 - Apple iOS/iPadOS 16 must be configured to not allow more than 10 consecutive failed authentication attempts.MDMAirWatch - DISA Apple iOS/iPadOS 16 BYOAD v1r1
AIOS-17-006900 - Apple iOS/iPadOS 17 must be configured to not allow more than 10 consecutive failed authentication attempts.MDMAirWatch - DISA Apple iOS/iPadOS 17 v2r1
AIOS-17-006900 - Apple iOS/iPadOS 17 must be configured to not allow more than 10 consecutive failed authentication attempts.MDMMobileIron - DISA Apple iOS/iPadOS 17 v2r1
AIOS-17-706900 - Apple iOS/iPadOS 17 must be configured to not allow more than 10 consecutive failed authentication attempts.MDMMobileIron - DISA Apple iOS/iPadOS BYOAD 17 v1r1
AIOS-17-706900 - Apple iOS/iPadOS 17 must be configured to not allow more than 10 consecutive failed authentication attempts.MDMAirWatch - DISA Apple iOS/iPadOS 17 BYOAD v1r1
AIOS-18-006900 - Apple iOS/iPadOS 18 must be configured to not allow more than 10 consecutive failed authentication attempts.MDMAirWatch - DISA Apple iOS/iPadOS 18 v1r1
AIOS-18-006900 - Apple iOS/iPadOS 18 must be configured to not allow more than 10 consecutive failed authentication attempts.MDMMobileIron - DISA Apple iOS/iPadOS 18 v1r1
AIX7-00-001003 - AIX must enforce the limit of three consecutive invalid login attempts by a user before the user account is locked and released by an administrator.UnixDISA STIG AIX 7.x v3r1
ALMA-09-007500 - AlmaLinux OS 9 must automatically lock an account when three unsuccessful logon attempts occur.UnixDISA CloudLinux AlmaLinux OS 9 STIG v1r1
ALMA-09-007610 - AlmaLinux OS 9 must automatically lock the root account until the root account is released by an administrator when three unsuccessful logon attempts occur during a 15-minute time period.UnixDISA CloudLinux AlmaLinux OS 9 STIG v1r1
ALMA-09-007720 - AlmaLinux OS 9 must automatically lock an account when three unsuccessful logon attempts occur during a 15-minute time period.UnixDISA CloudLinux AlmaLinux OS 9 STIG v1r1
ALMA-09-007830 - AlmaLinux OS 9 must configure the use of the pam_faillock.so module in the /etc/pam.d/system-auth file.UnixDISA CloudLinux AlmaLinux OS 9 STIG v1r1
ALMA-09-007940 - AlmaLinux OS 9 must configure the use of the pam_faillock.so module in the /etc/pam.d/password-auth file.UnixDISA CloudLinux AlmaLinux OS 9 STIG v1r1
ALMA-09-008050 - AlmaLinux OS 9 must log username information when unsuccessful logon attempts occur.UnixDISA CloudLinux AlmaLinux OS 9 STIG v1r1
AOSX-13-001325 - The macOS system must enforce account lockout after the limit of three consecutive invalid logon attempts by a user.UnixDISA STIG Apple Mac OSX 10.13 v2r5
AOSX-14-000020 - The macOS system must enforce the limit of three consecutive invalid logon attempts by a user.UnixDISA STIG Apple Mac OSX 10.14 v2r6
AOSX-15-000020 - The macOS system must enforce the limit of three consecutive invalid logon attempts by a user.UnixDISA STIG Apple Mac OSX 10.15 v1r10
APPL-14-000022 The macOS system must limit consecutive failed log on attempts to three.UnixDISA Apple macOS 14 (Sonoma) STIG v2r3
APPL-14-000060 The macOS system must set account lockout time to 15 minutes.UnixDISA Apple macOS 14 (Sonoma) STIG v2r3
APPL-15-000022 - The macOS system must limit consecutive failed login attempts to three.UnixDISA Apple macOS 15 (Sequoia) STIG v1r2
APPL-15-000060 - The macOS system must set account lockout time to 15 minutes.UnixDISA Apple macOS 15 (Sequoia) STIG v1r2
ARST-ND-000120 - The Arista network device must be configured to enforce the limit of three consecutive invalid logon attempts, after which time it must block any login attempt for 15 minutes.AristaDISA STIG Arista MLS EOS 4.2x NDM v2r1
CISC-ND-000150 - The Cisco router must be configured to enforce the limit of three consecutive invalid logon attempts after which time lock out the user account from accessing the device for 15 minutes.CiscoDISA STIG Cisco IOS-XR Router NDM v3r2
CISC-ND-000150 - The Cisco router must be configured to enforce the limit of three consecutive invalid logon attempts, after which time it must lock out the user account from accessing the device for 15 minutes.CiscoDISA STIG Cisco IOS XE Router NDM v3r2
CISC-ND-000150 - The Cisco router must be configured to enforce the limit of three consecutive invalid logon attempts, after which time it must lock out the user account from accessing the device for 15 minutes.CiscoDISA STIG Cisco IOS Router NDM v3r2
CISC-ND-000150 - The Cisco switch must be configured to enforce the limit of three consecutive invalid logon attempts, after which time it must disconnect the session.CiscoDISA STIG Cisco NX-OS Switch NDM v3r2
CISC-ND-000150 - The Cisco switch must be configured to enforce the limit of three consecutive invalid logon attempts, after which time it must lock out the user account from accessing the device for 15 minutes.CiscoDISA STIG Cisco IOS XE Switch NDM v3r2