Catalina - Limit Consecutive Failed Login Attempts to Three
The macOS _MUST_ be configured to limit the number of failed login attempts to a maximum of three. When the maximum number of failed attempts is reached, the account _MUST_ be locked for a period of time after. This rule protects against malicious users attempting to gain access to the system via brute-force hacking methods.
This is implemented by a Configuration Profile. mobileconfig profile info: com.apple.mobiledevice.passwordpolicy: maxFailedAttempts: 3