| 1.1.5 - AirWatch - Enable Erase Data | AirWatch - CIS Apple iOS 9 v1.0.0 L2 | MDM | ACCESS CONTROL |
| 1.1.5 - AirWatch - Enable Erase Data | AirWatch - CIS Apple iOS 8 v1.0.0 L2 | MDM | ACCESS CONTROL |
| 1.1.5 - MobileIron - Enable Erase Data | MobileIron - CIS Apple iOS 9 v1.0.0 L2 | MDM | ACCESS CONTROL |
| 1.1.5 - MobileIron - Enable Erase Data | MobileIron - CIS Apple iOS 8 v1.0.0 L2 | MDM | ACCESS CONTROL |
| 1.2.2 Ensure 'Account lockout threshold' is set to '10 or fewer invalid logon attempt(s), but not 0' | CIS Windows 7 Workstation Level 1 + Bitlocker v3.1.0 | Windows | ACCESS CONTROL |
| 1.2.2 Ensure 'Account lockout threshold' is set to '10 or fewer invalid logon attempt(s), but not 0' | CIS Windows 7 Workstation Level 1 v3.1.0 | Windows | ACCESS CONTROL |
| 1.2.3 Ensure 'Reset account lockout counter after' is set to '15 or more minute(s)' | CIS Windows 7 Workstation Level 1 v3.1.0 | Windows | ACCESS CONTROL |
| 1.3 Account Anti-riot Attack | Tenable ZTE ROSNG | ZTE_ROSNG | ACCESS CONTROL |
| 1.6.10 Set retry limit for account lockout 'AUTH_MAXTRIES=10' (trusted) | CIS HP-UX 11i v1.5 | Unix | ACCESS CONTROL |
| 1.430 - The delay between logon prompts following a failed console logon attempt must be at least four seconds. | Tenable Fedora Linux Best Practices v2.0.0 | Unix | ACCESS CONTROL |
| 2.1.6 - AirWatch - Limit the 'Number of failed attempts allowed' | AirWatch - CIS Google Android 4 v1.0.0 L1 | MDM | ACCESS CONTROL |
| 2.1.6 - MobileIron - Limit the 'Number of failed attempts allowed' | MobileIron - CIS Google Android 4 v1.0.0 L1 | MDM | ACCESS CONTROL |
| 2.2.7 - AirWatch - Set Maximum number of failed attempts | AirWatch - CIS Apple iOS 9 v1.0.0 L1 | MDM | ACCESS CONTROL |
| 2.2.7 - AirWatch - Set Maximum number of failed attempts | AirWatch - CIS Apple iOS 8 v1.0.0 L1 | MDM | ACCESS CONTROL |
| 2.2.7 - MobileIron - Set Maximum number of failed attempts | MobileIron - CIS Apple iOS 8 v1.0.0 L1 | MDM | ACCESS CONTROL |
| 2.2.7 - MobileIron - Set Maximum number of failed attempts | MobileIron - CIS Apple iOS 9 v1.0.0 L1 | MDM | ACCESS CONTROL |
| 2.7 - Account lockout policy should be enabled - Lockout Enabled | TNS Oracle WebLogic Server 10 Linux Best Practices | Unix | ACCESS CONTROL |
| 3.1.6 - AirWatch - Limit the 'Number of failed attempts allowed' | AirWatch - CIS Apple iOS 8 v1.0.0 L1 | MDM | ACCESS CONTROL |
| 3.1.6 - AirWatch - Limit the 'Number of failed attempts allowed' | AirWatch - CIS Apple iOS 9 v1.0.0 L1 | MDM | ACCESS CONTROL |
| 3.1.6 - MobileIron - Limit the 'Number of failed attempts allowed' | MobileIron - CIS Apple iOS 8 v1.0.0 L1 | MDM | ACCESS CONTROL |
| 3.1.6 - MobileIron - Limit the 'Number of failed attempts allowed' | MobileIron - CIS Apple iOS 9 v1.0.0 L1 | MDM | ACCESS CONTROL |
| 5.2 Use LockOut Realms | CIS Apache Tomcat 9 L2 v1.0.0 | Unix | ACCESS CONTROL |
| 5.2.1 Configure account lockout threshold | CIS Apple macOS 10.14 v1.3.0 L1 | Unix | ACCESS CONTROL |
| 5.2.1 Configure account lockout threshold | CIS Apple macOS 11 v1.1.0 L1 | Unix | ACCESS CONTROL |
| 5.2.5 Ensure SSH MaxAuthTries is set to 4 or less | CIS Distribution Independent Linux Server L1 v1.1.0 | Unix | ACCESS CONTROL |
| 5.2.5 Ensure SSH MaxAuthTries is set to 4 or less | CIS Amazon Linux v2.0.0 L1 | Unix | ACCESS CONTROL |
| 5.3.1 Ensure password creation requirements are configured - password-auth retry=3 | CIS Amazon Linux 2 v1.0.0 L1 | Unix | ACCESS CONTROL |
| 5.3.2 Ensure lockout for failed password attempts - password-auth 'auth sufficient pam_faillock.so authsucc audit deny=5 unlock_time=900' | CIS Amazon Linux 2 v1.0.0 L1 | Unix | ACCESS CONTROL |
| 5.3.2 Ensure lockout for failed password attempts - system-auth 'auth [success=1 default=bad] pam_unix.so' | CIS Amazon Linux 2 v1.0.0 L1 | Unix | ACCESS CONTROL |
| 5.3.2 Ensure lockout for failed password attempts - system-auth 'auth sufficient pam_faillock.so authsucc audit deny=5 unlock_time=900' | CIS Amazon Linux 2 v1.0.0 L1 | Unix | ACCESS CONTROL |
| 5.3.2 Lockout for failed password attempts - 'auth [default=die] pam_faillock.so authfail audit deny=5 unlock_time=900' | CIS Distribution Independent Linux Workstation L1 v1.1.0 | Unix | ACCESS CONTROL |
| 5.3.2 Lockout for failed password attempts - password-auth 'auth [default=die] pam_faillock.so authfail audit deny=5 unlock_time=900' | CIS Red Hat 6 Workstation L1 v2.1.0 | Unix | ACCESS CONTROL |
| 5.3.2 Lockout for failed password attempts - password-auth 'auth [success=1 default=bad] pam_unix.so' | CIS CentOS 6 Workstation L1 v2.1.0 | Unix | ACCESS CONTROL |
| 5.3.2 Lockout for failed password attempts - password-auth 'auth required pam_faillock.so preauth audit silent deny=5 unlock_time=900' | CIS Red Hat 6 Server L1 v2.1.0 | Unix | ACCESS CONTROL |
| 5.3.2 Lockout for failed password attempts - password-auth 'auth required pam_faillock.so preauth audit silent deny=5 unlock_time=900' | CIS Red Hat 6 Workstation L1 v2.1.0 | Unix | ACCESS CONTROL |
| 5.3.2 Lockout for failed password attempts - password-auth 'auth sufficient pam_faillock.so authsucc audit deny=5 unlock_time=900' | CIS CentOS 6 Server L1 v2.1.0 | Unix | ACCESS CONTROL |
| 5.3.2 Lockout for failed password attempts - password-auth 'auth sufficient pam_faillock.so authsucc audit deny=5 unlock_time=900' | CIS CentOS 6 Workstation L1 v2.1.0 | Unix | ACCESS CONTROL |
| 5.3.2 Lockout for failed password attempts - system-auth 'auth [default=die] pam_faillock.so authfail audit deny=5 unlock_time=900' | CIS CentOS 6 Server L1 v2.1.0 | Unix | ACCESS CONTROL |
| 5.3.2 Lockout for failed password attempts - system-auth 'auth [success=1 default=bad] pam_unix.so' | CIS Oracle Linux 6 Server L1 v1.1.0 | Unix | ACCESS CONTROL |
| 5.3.2 Lockout for failed password attempts - system-auth 'auth sufficient pam_faillock.so authsucc audit deny=5 unlock_time=900' | CIS CentOS 6 Server L1 v2.1.0 | Unix | ACCESS CONTROL |
| 5.3.2 Lockout for failed password attempts - system-auth 'auth sufficient pam_faillock.so authsucc audit deny=5 unlock_time=900' | CIS CentOS 6 Workstation L1 v2.1.0 | Unix | ACCESS CONTROL |
| 5.3.2 Lockout for failed password attempts - system-auth 'auth sufficient pam_faillock.so authsucc audit deny=5 unlock_time=900' | CIS Red Hat 6 Workstation L1 v2.1.0 | Unix | ACCESS CONTROL |
| 5.3.3 Ensure authselect includes with-faillock - authselect.conf | CIS CentOS Linux 8 Server L1 v1.0.0 | Unix | ACCESS CONTROL |
| 5.4.2 Ensure lockout for failed password attempts is configured | CIS CentOS Linux 8 Workstation L1 v1.0.0 | Unix | ACCESS CONTROL |
| 5.13 Configure account lockout threshold | CIS Apple OSX 10.9 Mavericks L1 v1.0.0 | Unix | ACCESS CONTROL |
| 6.2.5 Set SSH MaxAuthTries to 4 or Less | CIS Red Hat Enterprise Linux 5 L1 v2.2 | Unix | ACCESS CONTROL |
| 6.6.1.3 Ensure Minimum Backoff Factor of 5 | CIS Juniper OS Benchmark v2.0.0 L1 | Juniper | ACCESS CONTROL |
| Authentication Failure | DISA Microsoft Exchange 2013 Client Access Server STIG v2r1 | Windows | ACCESS CONTROL |
| PCI 8.1.7 - /etc/security/login.cfg - 'loginreenable >= 30' | PCI DSS 2.0/3.0 - AIX | Unix | ACCESS CONTROL |
| SonicWALL - PW Policy - Lockout Duration - >= 5 minutes | TNS SonicWALL v5.9 | SonicWALL | ACCESS CONTROL |
