| 1.138 OL08-00-020012 | CIS Oracle Linux 8 STIG v1.0.0 CAT II | Unix | ACCESS CONTROL |
| 1.148 OL08-00-020022 | CIS Oracle Linux 8 STIG v1.0.0 CAT II | Unix | ACCESS CONTROL |
| 1.151 OL08-00-020025 | CIS Oracle Linux 8 STIG v1.0.0 CAT II | Unix | ACCESS CONTROL |
| 1.281 RHEL-09-411085 | CIS Red Hat Enterprise Linux 9 STIG v1.0.0 CAT II | Unix | ACCESS CONTROL |
| 1.285 RHEL-09-411105 | CIS Red Hat Enterprise Linux 9 STIG v1.0.0 CAT II | Unix | ACCESS CONTROL |
| 4.003 - Time before bad-logon counter is reset does not meet minimum requirements. | DISA Windows Vista STIG v6r41 | Windows | ACCESS CONTROL |
| AIOS-14-000400 - The mobile operating system must be configured to not allow more than ten consecutive failed authentication attempts. | MobileIron - DISA Apple iOS/iPadOS 14 v1r3 | MDM | ACCESS CONTROL |
| AIOS-15-006900 - Apple iOS/iPadOS 15 must be configured to not allow more than 10 consecutive failed authentication attempts. | AirWatch - DISA Apple iOS/iPadOS 14 v1r4 | MDM | ACCESS CONTROL |
| AIOS-16-706900 - Apple iOS/iPadOS 16 must be configured to not allow more than 10 consecutive failed authentication attempts. | AirWatch - DISA Apple iOS/iPadOS 16 BYOAD v1r1 | MDM | ACCESS CONTROL |
| AIOS-17-706900 - Apple iOS/iPadOS 17 must be configured to not allow more than 10 consecutive failed authentication attempts. | AirWatch - DISA Apple iOS/iPadOS 17 BYOAD v1r2 | MDM | ACCESS CONTROL |
| AIOS-18-006900 - Apple iOS/iPadOS 18 must be configured to not allow more than 10 consecutive failed authentication attempts. | MobileIron - DISA Apple iOS/iPadOS 18 v1r4 | MDM | ACCESS CONTROL |
| ALMA-09-007720 - AlmaLinux OS 9 must automatically lock an account when three unsuccessful logon attempts occur during a 15-minute time period. | DISA CloudLinux AlmaLinux OS 9 STIG v1r3 | Unix | ACCESS CONTROL |
| APPL-14-000022 - The macOS system must limit consecutive failed log on attempts to three. | DISA Apple macOS 14 (Sonoma) STIG v2r3 | Unix | ACCESS CONTROL |
| ESXI-06-000005 - The system must enforce the limit of three consecutive invalid logon attempts by a user. | DISA STIG VMware vSphere 6.x ESXi v1r5 | VMware | ACCESS CONTROL |
| ESXI-67-000005 - The ESXi host must enforce the limit of three consecutive invalid logon attempts by a user. | DISA STIG VMware vSphere 6.7 ESXi v1r3 | VMware | ACCESS CONTROL |
| ESXI-80-000005 - The ESXi host must enforce the limit of three consecutive invalid logon attempts by a user. | DISA VMware vSphere 8.0 ESXi STIG v2r3 VMware | VMware | ACCESS CONTROL |
| GEN000460 - The system must disable accounts after three consecutive unsuccessful login attempts - LOCK_AFTER_RETRIES | DISA STIG Solaris 10 X86 v2r4 | Unix | ACCESS CONTROL |
| GEN000460 - The system must disable accounts after three consecutive unsuccessful login attempts - LOCK_AFTER_RETRIES | DISA STIG Solaris 10 SPARC v2r4 | Unix | ACCESS CONTROL |
| GEN000460 - The system must disable accounts after three consecutive unsuccessful login attempts - RETRIES | DISA STIG Solaris 10 X86 v2r4 | Unix | ACCESS CONTROL |
| GEN000460 - The system must disable accounts after three consecutive unsuccessful login attempts - RETRIES | DISA STIG Solaris 10 SPARC v2r4 | Unix | ACCESS CONTROL |
| GEN000460 - The system must disable accounts after three consecutive unsuccessful login attempts. | DISA STIG AIX 6.1 v1r14 | Unix | ACCESS CONTROL |
| GEN000460 - The system must disable accounts after three consecutive unsuccessful login attempts. | DISA STIG for Oracle Linux 5 v2r1 | Unix | ACCESS CONTROL |
| GEN000460 - The system must disable accounts after three consecutive unsuccessful login attempts. | DISA STIG for Red Hat Enterprise Linux 5 v1r18 Audit | Unix | ACCESS CONTROL |
| GOOG-11-000500 - Google Android 11 must be configured to not allow more than ten consecutive failed authentication attempts. | AirWatch - DISA Google Android 11 COBO v2r1 | MDM | ACCESS CONTROL |
| GOOG-11-000500 - Google Android 11 must be configured to not allow more than ten consecutive failed authentication attempts. | MobileIron - DISA Google Android 11 COBO v2r1 | MDM | ACCESS CONTROL |
| GOOG-12-006400 - Google Android 12 must be configured to not allow more than 10 consecutive failed authentication attempts. | AirWatch - DISA Google Android 12 COBO v1r2 | MDM | ACCESS CONTROL |
| GOOG-13-006400 - Google Android 13 must be configured to not allow more than 10 consecutive failed authentication attempts. | MobileIron - DISA Google Android 13 COBO v2r2 | MDM | ACCESS CONTROL |
| GOOG-13-006400 - Google Android 13 must be configured to not allow more than 10 consecutive failed authentication attempts. | MobileIron - DISA Google Android 13 COPE v2r2 | MDM | ACCESS CONTROL |
| GOOG-14-006400 - Google Android 14 must be configured to not allow more than 10 consecutive failed authentication attempts. | AirWatch - DISA Google Android 14 COPE v2r2 | MDM | ACCESS CONTROL |
| GOOG-15-006400 - Google Android 15 must be configured to not allow more than 10 consecutive failed authentication attempts. | MobileIron - DISA Google Android 15 COPE v1r2 | MDM | ACCESS CONTROL |
| JUEX-NM-000080 - The Juniper EX switch must be configured to enforce the limit of three consecutive invalid logon attempts for any given user, after which time it must block any login attempt for that user for 15 minutes. | DISA Juniper EX Series Network Device Management v2r3 | Juniper | ACCESS CONTROL |
| MSFT-11-000500 - Microsoft Android 11 must be configured to not allow more than 10 consecutive failed authentication attempts. | MobileIron - DISA Microsoft Android 11 COPE v1r2 | MDM | ACCESS CONTROL |
| OL08-00-020023 - OL 8 systems, versions 8.2 and above, must include root when automatically locking an account until the locked account is released by an administrator when three unsuccessful logon attempts occur during a 15-minute time period. | DISA Oracle Linux 8 STIG v2r5 | Unix | ACCESS CONTROL |
| OL08-00-020026 - OL 8 must configure the use of the pam_faillock.so module in the /etc/pam.d/password-auth file. | DISA Oracle Linux 8 STIG v2r5 | Unix | ACCESS CONTROL |
| OL09-00-003011 - OL 9 must configure the use of the pam_faillock.so module in the /etc/pam.d/system-auth file. | DISA Oracle Linux 9 STIG v1r2 | Unix | ACCESS CONTROL |
| PHTN-40-000192 The Photon operating system must be configured to use the pam_faillock.so module. | DISA VMware vSphere 8.0 vCenter Appliance Photon OS 4.0 STIG v2r1 | Unix | ACCESS CONTROL |
| PHTN-40-000193 The Photon operating system must prevent leaking information of the existence of a user account. | DISA VMware vSphere 8.0 vCenter Appliance Photon OS 4.0 STIG v2r1 | Unix | ACCESS CONTROL |
| PHTN-40-000194 The Photon operating system must audit logon attempts for unknown users. | DISA VMware vSphere 8.0 vCenter Appliance Photon OS 4.0 STIG v2r1 | Unix | ACCESS CONTROL |
| RHEL-08-020013 - RHEL 8 must automatically lock an account when three unsuccessful logon attempts occur during a 15-minute time period. | DISA Red Hat Enterprise Linux 8 STIG v2r4 | Unix | ACCESS CONTROL |
| RHEL-08-020014 - RHEL 8 must automatically lock an account until the locked account is released by an administrator when three unsuccessful logon attempts occur during a 15-minute time period. | DISA Red Hat Enterprise Linux 8 STIG v2r4 | Unix | ACCESS CONTROL |
| RHEL-08-020016 - RHEL 8 must ensure account lockouts persist. | DISA Red Hat Enterprise Linux 8 STIG v2r4 | Unix | ACCESS CONTROL |
| RHEL-08-020018 - RHEL 8 must prevent system messages from being presented when three unsuccessful logon attempts occur. | DISA Red Hat Enterprise Linux 8 STIG v2r4 | Unix | ACCESS CONTROL |
| RHEL-08-020020 - RHEL 8 must log user name information when unsuccessful logon attempts occur. | DISA Red Hat Enterprise Linux 8 STIG v2r4 | Unix | ACCESS CONTROL |
| RHEL-08-020021 - RHEL 8 must log user name information when unsuccessful logon attempts occur. | DISA Red Hat Enterprise Linux 8 STIG v2r4 | Unix | ACCESS CONTROL |
| RHEL-08-020023 - RHEL 8 must include root when automatically locking an account until the locked account is released by an administrator when three unsuccessful logon attempts occur during a 15-minute time period. | DISA Red Hat Enterprise Linux 8 STIG v2r4 | Unix | ACCESS CONTROL |
| RHEL-08-020025 - RHEL 8 must configure the use of the pam_faillock.so module in the /etc/pam.d/system-auth file. | DISA Red Hat Enterprise Linux 8 STIG v2r4 | Unix | ACCESS CONTROL |
| RHEL-09-411075 - RHEL 9 must automatically lock an account when three unsuccessful logon attempts occur. | DISA Red Hat Enterprise Linux 9 STIG v2r4 | Unix | ACCESS CONTROL |
| RHEL-09-411090 - RHEL 9 must maintain an account lock until the locked account is released by an administrator. | DISA Red Hat Enterprise Linux 9 STIG v2r4 | Unix | ACCESS CONTROL |
| VCSA-70-000023 - The vCenter Server must enforce the limit of three consecutive invalid login attempts by a user. | DISA STIG VMware vSphere 7.0 vCenter v1r3 | VMware | ACCESS CONTROL |
| ZEBR-10-000500 - Zebra Android 10 must be configured to not allow more than 10 consecutive failed authentication attempts. | MobileIron - DISA Zebra Android 10 COBO v1r2 | MDM | ACCESS CONTROL |
