Information
The account lockout threshold specifies the number of times a user can enter an incorrect password before the account is locked out. The account lockout feature mitigates brute-force password attacks on the system.
Solution
Perform the following to implement the prescribed state for all pwpolicy controls.
Run the following command in Terminal:
sudo pwpolicy -setglobalpolicy "maxFailedLoginAttempts=5 minChars=15 requiresNumeric=1 requiresAlpha=1 requiresSymbol=1"
Impact
The number of incorrect logon attempts should be reasonably small to minimize the possibility of a successful password attack, while allowing for honest errors made during a normal user logon.
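To confirm the setting took effect, the following added example (not part of the original benchmark text) audits a global policy string against the prescribed state. It assumes the policy is available as space-separated key=value pairs in the same form as the -setglobalpolicy argument above, and it treats stricter values (fewer attempts, longer minimum length) as compliant; the function names and sample strings are hypothetical.

```shell
#!/bin/sh
# Added example: audit a pwpolicy global-policy string against the
# prescribed state. Input format (space-separated key=value) is assumed
# to match the -setglobalpolicy argument shown on this page.

# get_value POLICY KEY -> prints the value of KEY, or nothing if absent.
get_value() {
    for pair in $1; do
        case "$pair" in
            "$2="*) printf '%s\n' "${pair#*=}"; return 0 ;;
        esac
    done
    return 0
}

# is_uint VALUE -> true if VALUE is a non-empty string of digits.
is_uint() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
}

# check_policy POLICY -> prints one FAIL line per deviation;
# returns 0 when compliant, 1 otherwise.
check_policy() {
    policy=$1 rc=0
    v=$(get_value "$policy" maxFailedLoginAttempts)
    # Missing, non-numeric, zero, or above 5 all fail the lockout check.
    if ! is_uint "$v" || [ "$v" -lt 1 ] || [ "$v" -gt 5 ]; then
        echo "FAIL maxFailedLoginAttempts=${v:-unset} (want 1-5)"; rc=1
    fi
    v=$(get_value "$policy" minChars)
    if ! is_uint "$v" || [ "$v" -lt 15 ]; then
        echo "FAIL minChars=${v:-unset} (want >=15)"; rc=1
    fi
    for key in requiresNumeric requiresAlpha requiresSymbol; do
        v=$(get_value "$policy" "$key")
        if [ "$v" != 1 ]; then
            echo "FAIL $key=${v:-unset} (want 1)"; rc=1
        fi
    done
    return $rc
}

# Constructed sample inputs (not captured from a real system).
GOOD="maxFailedLoginAttempts=5 minChars=15 requiresNumeric=1 requiresAlpha=1 requiresSymbol=1"
WEAK="maxFailedLoginAttempts=0 minChars=8 requiresNumeric=1 requiresAlpha=1"

check_policy "$GOOD" && echo "GOOD: compliant"
check_policy "$WEAK" || echo "WEAK: not compliant"
```

The non-zero return from check_policy lets the check run from a scheduled compliance job that alerts on failure.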