AOSX-15-000021 - The macOS system must enforce an account lockout time period of 15 minutes in which a user makes three consecutive invalid logon attempts.

Information

Setting a lockout time period of 15 minutes is an effective deterrent against brute forcing that also makes allowances for legitimate mistakes by users. When three invalid logon attempts are made, the account will be locked.

Solution

This setting is enforced using the 'Passcode Policy' configuration profile or by a directory service.

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_Apple_OS_X_10-15_V1R8_STIG.zip

Item Details

Category: ACCESS CONTROL

References: 800-53|AC-7b., CAT|II, CCI|CCI-002238, Rule-ID|SV-225132r610901_rule, STIG-ID|AOSX-15-000021, STIG-Legacy|SV-111641, STIG-Legacy|V-102679, Vuln-ID|V-225132

Plugin: Unix

Control ID: 4931b1b62b45bc2870808718734425066bf4e368a9ceffad5fde46b0d5b8be33