| AIOS-12-000400 - Apple iOS must be configured to not allow more than 10 consecutive failed authentication attempts. | AirWatch - DISA Apple iOS 12 v2r1 | MDM | ACCESS CONTROL |
| AIOS-12-000400 - Apple iOS must be configured to not allow more than 10 consecutive failed authentication attempts. | MobileIron - DISA Apple iOS 12 v2r1 | MDM | ACCESS CONTROL |
| AIOS-13-000400 - Apple iOS/iPadOS must be configured to not allow more than 10 consecutive failed authentication attempts. | MobileIron - DISA Apple iOS/iPadOS 13 v2r1 | MDM | ACCESS CONTROL |
| AIOS-13-000400 - Apple iOS/iPadOS must be configured to not allow more than 10 consecutive failed authentication attempts. | AirWatch - DISA Apple iOS/iPadOS 13 v2r1 | MDM | ACCESS CONTROL |
| AOSX-13-001325 - The macOS system must enforce account lockout after the limit of three consecutive invalid logon attempts by a user. | DISA STIG Apple Mac OSX 10.13 v2r5 | Unix | ACCESS CONTROL |
| AOSX-14-000020 - The macOS system must enforce the limit of three consecutive invalid logon attempts by a user. | DISA STIG Apple Mac OSX 10.14 v2r6 | Unix | ACCESS CONTROL |
| AOSX-15-000020 - The macOS system must enforce the limit of three consecutive invalid logon attempts by a user. | DISA STIG Apple Mac OSX 10.15 v1r10 | Unix | ACCESS CONTROL |
| APPL-14-000022 The macOS system must limit consecutive failed log on attempts to three. | DISA Apple macOS 14 (Sonoma) STIG v2r3 | Unix | ACCESS CONTROL |
| APPL-15-000060 - The macOS system must set account lockout time to 15 minutes. | DISA Apple macOS 15 (Sequoia) STIG v1r3 | Unix | ACCESS CONTROL |
| CISC-ND-000150 - The Cisco router must be configured to enforce the limit of three consecutive invalid logon attempts after which time lock out the user account from accessing the device for 15 minutes. | DISA STIG Cisco IOS-XR Router NDM v3r2 | Cisco | ACCESS CONTROL |
| CISC-ND-000150 - The Cisco router must be configured to enforce the limit of three consecutive invalid logon attempts, after which time it must lock out the user account from accessing the device for 15 minutes. | DISA STIG Cisco IOS Router NDM v3r2 | Cisco | ACCESS CONTROL |
| CISC-ND-000150 - The Cisco router must be configured to enforce the limit of three consecutive invalid logon attempts, after which time it must lock out the user account from accessing the device for 15 minutes. | DISA STIG Cisco IOS XE Router NDM v3r2 | Cisco | ACCESS CONTROL |
| CISC-ND-000150 - The Cisco switch must be configured to enforce the limit of three consecutive invalid logon attempts, after which time it must disconnect the session. | DISA Cisco NX OS Switch NDM STIG v3r3 | Cisco | ACCESS CONTROL |
| CISC-ND-000150 - The Cisco switch must be configured to enforce the limit of three consecutive invalid logon attempts, after which time it must lock out the user account from accessing the device for 15 minutes. | DISA STIG Cisco IOS XE Switch NDM v3r2 | Cisco | ACCESS CONTROL |
| CISC-ND-000150 - The Cisco switch must be configured to enforce the limit of three consecutive invalid logon attempts, after which time it must lock out the user account from accessing the device for 15 minutes. | DISA STIG Cisco IOS Switch NDM v3r2 | Cisco | ACCESS CONTROL |
| ESXI-65-000005 - The ESXi host must enforce the limit of three consecutive invalid logon attempts by a user. | DISA STIG VMware vSphere ESXi 6.5 v2r4 | VMware | ACCESS CONTROL |
| F5BI-DM-000031 - The BIG-IP appliance must be configured to enforce the limit of three consecutive invalid logon attempts by a user during a 15-minute time period. | DISA F5 BIG-IP Device Management STIG v2r4 | F5 | ACCESS CONTROL |
| GOOG-09-000500 - The Google Android Pie must be configured to not allow more than 10 consecutive failed authentication attempts. | AirWatch - DISA Google Android 9.x v2r1 | MDM | ACCESS CONTROL |
| GOOG-09-000500 - The Google Android Pie must be configured to not allow more than 10 consecutive failed authentication attempts. | MobileIron - DISA Google Android 9.x v2r1 | MDM | ACCESS CONTROL |
| GOOG-10-000500 - Google Android 10 must be configured to not allow more than 10 consecutive failed authentication attempts. | MobileIron - DISA Google Android 10.x v2r1 | MDM | ACCESS CONTROL |
| GOOG-10-000500 - Google Android 10 must be configured to not allow more than 10 consecutive failed authentication attempts. | AirWatch - DISA Google Android 10.x v2r1 | MDM | ACCESS CONTROL |
| JUNI-ND-000150 - The Juniper router must be configured to enforce the limit of three consecutive invalid logon attempts after which time lock out the user account from accessing the device for 15 minutes. | DISA STIG Juniper Router NDM v3r2 | Juniper | ACCESS CONTROL |
| JUSX-DM-000030 - For local accounts created on the device, the Juniper SRX Services Gateway must enforce the limit of three consecutive invalid logon attempts by a user during a 15-minute time period. | DISA Juniper SRX Services Gateway NDM v3r2 | Juniper | ACCESS CONTROL |
| OL6-00-000061 - The system must disable accounts after three consecutive unsuccessful logon attempts - password-auth | DISA STIG Oracle Linux 6 v2r7 | Unix | ACCESS CONTROL |
| OL6-00-000061 - The system must disable accounts after three consecutive unsuccessful logon attempts - system-auth | DISA STIG Oracle Linux 6 v2r7 | Unix | ACCESS CONTROL |
| OL08-00-020011 - OL 8 systems, versions 8.2 and above, must automatically lock an account when three unsuccessful logon attempts occur. | DISA Oracle Linux 8 STIG v2r4 | Unix | ACCESS CONTROL |
| OL08-00-020014 - OL 8 systems below version 8.2 must automatically lock an account until the locked account is released by an administrator when three unsuccessful logon attempts occur during a 15-minute time period. | DISA Oracle Linux 8 STIG v2r4 | Unix | ACCESS CONTROL |
| OL08-00-020016 - OL 8 systems below version 8.2 must ensure account lockouts persist. | DISA Oracle Linux 8 STIG v2r4 | Unix | ACCESS CONTROL |
| OL08-00-020017 - OL 8 systems, versions 8.2 and above, must ensure account lockouts persist. | DISA Oracle Linux 8 STIG v2r4 | Unix | ACCESS CONTROL |
| OL08-00-020026 - OL 8 must configure the use of the pam_faillock.so module in the /etc/pam.d/password-auth file. | DISA Oracle Linux 8 STIG v2r4 | Unix | ACCESS CONTROL |
| PANW-NM-000015 - The Palo Alto Networks security platform must enforce the limit of three consecutive invalid logon attempts. | DISA STIG Palo Alto NDM v3r2 | Palo_Alto | ACCESS CONTROL |
| RHEL-06-000061 - The system must disable accounts after three consecutive unsuccessful logon attempts - 'password-auth [default=die]' | DISA Red Hat Enterprise Linux 6 STIG v2r2 | Unix | ACCESS CONTROL |
| RHEL-06-000061 - The system must disable accounts after three consecutive unsuccessful logon attempts - 'password-auth required'. | DISA Red Hat Enterprise Linux 6 STIG v2r2 | Unix | ACCESS CONTROL |
| RHEL-06-000061 - The system must disable accounts after three consecutive unsuccessful logon attempts - 'system-auth [default=die]' | DISA Red Hat Enterprise Linux 6 STIG v2r2 | Unix | ACCESS CONTROL |
| RHEL-06-000061 - The system must disable accounts after three consecutive unsuccessful logon attempts - 'system-auth required' | DISA Red Hat Enterprise Linux 6 STIG v2r2 | Unix | ACCESS CONTROL |
| RHEL-09-411080 - RHEL 9 must automatically lock the root account until the root account is released by an administrator when three unsuccessful logon attempts occur during a 15-minute time period. | DISA Red Hat Enterprise Linux 9 STIG v2r4 | Unix | ACCESS CONTROL |
| RHEL-09-411085 - RHEL 9 must automatically lock an account when three unsuccessful logon attempts occur during a 15-minute time period. | DISA Red Hat Enterprise Linux 9 STIG v2r4 | Unix | ACCESS CONTROL |
| SLES-12-010130 - The SUSE operating system must lock an account after three consecutive invalid access attempts. | DISA SLES 12 STIG v3r2 | Unix | ACCESS CONTROL |
| SOL-11.1-040140 - The system must disable accounts after three consecutive unsuccessful login attempts. | DISA STIG Solaris 11 SPARC v3r1 | Unix | ACCESS CONTROL |
| SOL-11.1-040140 - The system must disable accounts after three consecutive unsuccessful login attempts. | DISA STIG Solaris 11 X86 v3r1 | Unix | ACCESS CONTROL |
| SPLK-CL-000240 - Splunk Enterprise must enforce the limit of 3 consecutive invalid logon attempts by a user during a 15 minute time period. | DISA STIG Splunk Enterprise 7.x for Windows v3r1 REST API | Splunk | ACCESS CONTROL |
| UBTU-22-411045 - Ubuntu 22.04 LTS must automatically lock an account until the locked account is released by an administrator when three unsuccessful logon attempts have been made. | DISA Canonical Ubuntu 22.04 LTS STIG v2r4 | Unix | ACCESS CONTROL |
| WBLC-01-000032 - Oracle WebLogic must limit the number of failed login attempts to an organization-defined number of consecutive invalid attempts that occur within an organization-defined time period. | Oracle WebLogic Server 12c Linux v2r2 | Unix | ACCESS CONTROL |
| WBLC-01-000032 - Oracle WebLogic must limit the number of failed login attempts to an organization-defined number of consecutive invalid attempts that occur within an organization-defined time period. | Oracle WebLogic Server 12c Linux v2r2 Middleware | Unix | ACCESS CONTROL |
| WBLC-01-000032 - Oracle WebLogic must limit the number of failed login attempts to an organization-defined number of consecutive invalid attempts that occur within an organization-defined time period. | Oracle WebLogic Server 12c Windows v2r2 | Windows | ACCESS CONTROL |
| WN10-AC-000010 - The number of allowed bad logon attempts must be configured to 3 or less. | DISA Microsoft Windows 10 STIG v3r4 | Windows | ACCESS CONTROL |
| WN12-AC-000002 - The number of allowed bad logon attempts must meet minimum requirements. | DISA Windows Server 2012 and 2012 R2 DC STIG v3r7 | Windows | ACCESS CONTROL |
| WN12-AC-000002 - The number of allowed bad logon attempts must meet minimum requirements. | DISA Windows Server 2012 and 2012 R2 MS STIG v3r7 | Windows | ACCESS CONTROL |
| WN16-AC-000020 - Windows Server 2016 must have the number of allowed bad logon attempts configured to three or less. | DISA Microsoft Windows Server 2016 STIG v2r10 | Windows | ACCESS CONTROL |
| WN19-AC-000020 - Windows Server 2019 must have the number of allowed bad logon attempts configured to three or less. | DISA Microsoft Windows Server 2019 STIG v3r4 | Windows | ACCESS CONTROL |
