Information
The SLEEPTIME variable in the /etc/default/login file controls the number of seconds to wait before printing the "login incorrect" message when a bad password is provided.
As an immediate return of an error message, coupled with the capability to try again may facilitate automatic and rapid-fire brute-force password attacks by a malicious user, this delay time should be set as appropriate to the needs of the user.
Solution
Perform the following to implement the recommended state:
# cd /etc/default
# awk '/SLEEPTIME=/ { $1 = "SLEEPTIME=4" } { print }' login > login.CIS
# mv login.CIS login