CCI|CCI-000044

Title

Enforce the organization-defined limit of consecutive invalid logon attempts by a user during the organization-defined time period.

Reference Item Details

Category: 2024

Audit Items

View all Reference Audit Items

NamePluginAudit Name
4.002 - Number of allowed bad-logon attempts does not meet minimum requirements.WindowsDISA Windows Vista STIG v6r41
4.003 - Time before bad-logon counter is reset does not meet minimum requirements.WindowsDISA Windows Vista STIG v6r41
5.4.12 Ensure accounts lock for a minimum of 15 minutes after three unsuccessful logon attempts within a 15-minute timeframe - password-auth denyUnixCIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
5.4.12 Ensure accounts lock for a minimum of 15 minutes after three unsuccessful logon attempts within a 15-minute timeframe - password-auth even_deny_rootUnixCIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
5.4.12 Ensure accounts lock for a minimum of 15 minutes after three unsuccessful logon attempts within a 15-minute timeframe - password-auth fail_intervalUnixCIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
5.4.12 Ensure accounts lock for a minimum of 15 minutes after three unsuccessful logon attempts within a 15-minute timeframe - password-auth unlock_timeUnixCIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
5.4.12 Ensure accounts lock for a minimum of 15 minutes after three unsuccessful logon attempts within a 15-minute timeframe - system-auth denyUnixCIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
5.4.12 Ensure accounts lock for a minimum of 15 minutes after three unsuccessful logon attempts within a 15-minute timeframe - system-auth even_deny_rootUnixCIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
5.4.12 Ensure accounts lock for a minimum of 15 minutes after three unsuccessful logon attempts within a 15-minute timeframe - system-auth fail_intervalUnixCIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
5.4.12 Ensure accounts lock for a minimum of 15 minutes after three unsuccessful logon attempts within a 15-minute timeframe - system-auth unlock_timeUnixCIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
AIOS-01-080005 - Apple iOS must not allow more than 10 consecutive failed authentication attempts.MDMMobileIron - DISA Apple iOS 10 v1r3
AIOS-01-080005 - Apple iOS must not allow more than 10 consecutive failed authentication attempts.MDMAirWatch - DISA Apple iOS 10 v1r3
AIOS-12-000400 - Apple iOS must be configured to not allow more than 10 consecutive failed authentication attempts.MDMAirWatch - DISA Apple iOS 12 v2r1
AIOS-12-000400 - Apple iOS must be configured to not allow more than 10 consecutive failed authentication attempts.MDMMobileIron - DISA Apple iOS 12 v2r1
AIOS-13-000400 - Apple iOS/iPadOS must be configured to not allow more than 10 consecutive failed authentication attempts.MDMAirWatch - DISA Apple iOS/iPadOS 13 v2r1
AIOS-13-000400 - Apple iOS/iPadOS must be configured to not allow more than 10 consecutive failed authentication attempts.MDMMobileIron - DISA Apple iOS/iPadOS 13 v2r1
AIOS-14-000400 - The mobile operating system must be configured to not allow more than ten consecutive failed authentication attempts.MDMAirWatch - DISA Apple iOS/iPadOS 14 v1r3
AIOS-14-000400 - The mobile operating system must be configured to not allow more than ten consecutive failed authentication attempts.MDMMobileIron - DISA Apple iOS/iPadOS 14 v1r3
AIOS-15-006900 - Apple iOS/iPadOS 15 must be configured to not allow more than 10 consecutive failed authentication attempts.MDMMobileIron - DISA Apple iOS/iPadOS 14 v1r4
AIOS-15-006900 - Apple iOS/iPadOS 15 must be configured to not allow more than 10 consecutive failed authentication attempts.MDMAirWatch - DISA Apple iOS/iPadOS 14 v1r4
AIOS-16-006900 - Apple iOS/iPadOS 16 must be configured to not allow more than 10 consecutive failed authentication attempts.MDMAirWatch - DISA Apple iOS/iPadOS 16 v2r1
AIOS-16-006900 - Apple iOS/iPadOS 16 must be configured to not allow more than 10 consecutive failed authentication attempts.MDMMobileIron - DISA Apple iOS/iPadOS 16 v2r1
AIOS-16-706900 - Apple iOS/iPadOS 16 must be configured to not allow more than 10 consecutive failed authentication attempts.MDMMobileIron - DISA Apple iOS/iPadOS BYOAD 16 v1r1
AIOS-16-706900 - Apple iOS/iPadOS 16 must be configured to not allow more than 10 consecutive failed authentication attempts.MDMAirWatch - DISA Apple iOS/iPadOS 16 BYOAD v1r1
AIOS-17-006900 - Apple iOS/iPadOS 17 must be configured to not allow more than 10 consecutive failed authentication attempts.MDMAirWatch - DISA Apple iOS/iPadOS 17 v2r1
AIOS-17-006900 - Apple iOS/iPadOS 17 must be configured to not allow more than 10 consecutive failed authentication attempts.MDMMobileIron - DISA Apple iOS/iPadOS 17 v2r1
AIOS-17-706900 - Apple iOS/iPadOS 17 must be configured to not allow more than 10 consecutive failed authentication attempts.MDMMobileIron - DISA Apple iOS/iPadOS BYOAD 17 v1r1
AIOS-17-706900 - Apple iOS/iPadOS 17 must be configured to not allow more than 10 consecutive failed authentication attempts.MDMAirWatch - DISA Apple iOS/iPadOS 17 BYOAD v1r1
AIOS-18-006900 - Apple iOS/iPadOS 18 must be configured to not allow more than 10 consecutive failed authentication attempts.MDMAirWatch - DISA Apple iOS/iPadOS 18 v1r1
AIOS-18-006900 - Apple iOS/iPadOS 18 must be configured to not allow more than 10 consecutive failed authentication attempts.MDMMobileIron - DISA Apple iOS/iPadOS 18 v1r1
AIX7-00-001003 - AIX must enforce the limit of three consecutive invalid login attempts by a user before the user account is locked and released by an administrator.UnixDISA STIG AIX 7.x v3r1
AOSX-13-001325 - The macOS system must enforce account lockout after the limit of three consecutive invalid logon attempts by a user.UnixDISA STIG Apple Mac OSX 10.13 v2r5
AOSX-14-000020 - The macOS system must enforce the limit of three consecutive invalid logon attempts by a user.UnixDISA STIG Apple Mac OSX 10.14 v2r6
AOSX-15-000020 - The macOS system must enforce the limit of three consecutive invalid logon attempts by a user.UnixDISA STIG Apple Mac OSX 10.15 v1r10
APPL-14-000022 - The macOS system must limit consecutive failed log on attempts to three.UnixDISA Apple macOS 14 (Sonoma) STIG v2r2
APPL-14-000060 - The macOS system must set account lockout time to 15 minutes.UnixDISA Apple macOS 14 (Sonoma) STIG v2r2
APPL-15-000022 - The macOS system must limit consecutive failed login attempts to three.UnixDISA Apple macOS 15 (Sequoia) STIG v1r1
APPL-15-000060 - The macOS system must set account lockout time to 15 minutes.UnixDISA Apple macOS 15 (Sequoia) STIG v1r1
ARST-ND-000120 - The Arista network device must be configured to enforce the limit of three consecutive invalid logon attempts, after which time it must block any login attempt for 15 minutes.AristaDISA STIG Arista MLS EOS 4.2x NDM v2r1
Catalina - Limit Consecutive Failed Login Attempts to ThreeUnixNIST macOS Catalina v1.5.0 - 800-53r4 Moderate
Catalina - Limit Consecutive Failed Login Attempts to ThreeUnixNIST macOS Catalina v1.5.0 - 800-171
Catalina - Limit Consecutive Failed Login Attempts to ThreeUnixNIST macOS Catalina v1.5.0 - 800-53r4 High
Catalina - Limit Consecutive Failed Login Attempts to ThreeUnixNIST macOS Catalina v1.5.0 - 800-53r4 Low
Catalina - Limit Consecutive Failed Login Attempts to ThreeUnixNIST macOS Catalina v1.5.0 - CNSSI 1253
CISC-ND-000150 - The Cisco router must be configured to enforce the limit of three consecutive invalid logon attempts after which time lock out the user account from accessing the device for 15 minutes.CiscoDISA STIG Cisco IOS-XR Router NDM v3r2
CISC-ND-000150 - The Cisco router must be configured to enforce the limit of three consecutive invalid logon attempts, after which time it must lock out the user account from accessing the device for 15 minutes.CiscoDISA STIG Cisco IOS XE Router NDM v3r2
CISC-ND-000150 - The Cisco router must be configured to enforce the limit of three consecutive invalid logon attempts, after which time it must lock out the user account from accessing the device for 15 minutes.CiscoDISA STIG Cisco IOS Router NDM v3r2
CISC-ND-000150 - The Cisco switch must be configured to enforce the limit of three consecutive invalid logon attempts, after which time it must disconnect the session.CiscoDISA STIG Cisco NX-OS Switch NDM v3r2
CISC-ND-000150 - The Cisco switch must be configured to enforce the limit of three consecutive invalid logon attempts, after which time it must lock out the user account from accessing the device for 15 minutes.CiscoDISA STIG Cisco IOS XE Switch NDM v3r2
CISC-ND-000150 - The Cisco switch must be configured to enforce the limit of three consecutive invalid logon attempts, after which time it must lock out the user account from accessing the device for 15 minutes.CiscoDISA STIG Cisco IOS Switch NDM v3r2