Catalina - Limit Consecutive Failed Login Attempts to Three

Information

The macOS _MUST_ be configured to limit the number of failed login attempts to a maximum of three. When the maximum number of failed attempts is reached, the account _MUST_ be locked for a period of time after.

This rule protects against malicious users attempting to gain access to the system via brute-force hacking methods.

Solution

This is implemented by a Configuration Profile.

mobileconfig profile info:

com.apple.mobiledevice.passwordpolicy:
maxFailedAttempts:
3

See Also

https://github.com/usnistgov/macos_security

Item Details

Category: ACCESS CONTROL

References: 800-53|AC-7, 800-53|AC-7a., 800-53|AC-7b., CCE|CCE-84809-3, CCI|CCI-000044, CCI|CCI-002238, STIG-ID|AOSX-15-000020, STIG-ID|AOSX-15-000022

Plugin: Unix

Control ID: 24e9b88b06f9e5e4b69d741251302122c090220c52c42434085cf78c4e8d02e7