| AIOS-12-000400 - Apple iOS must be configured to not allow more than 10 consecutive failed authentication attempts. | AirWatch - DISA Apple iOS 12 v2r1 | MDM | ACCESS CONTROL |
| AIOS-12-000400 - Apple iOS must be configured to not allow more than 10 consecutive failed authentication attempts. | MobileIron - DISA Apple iOS 12 v2r1 | MDM | ACCESS CONTROL |
| AIOS-13-000400 - Apple iOS/iPadOS must be configured to not allow more than 10 consecutive failed authentication attempts. | AirWatch - DISA Apple iOS/iPadOS 13 v2r1 | MDM | ACCESS CONTROL |
| ALMA-09-008050 - AlmaLinux OS 9 must log username information when unsuccessful logon attempts occur. | DISA CloudLinux AlmaLinux OS 9 STIG v1r2 | Unix | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| AOSX-14-000020 - The macOS system must enforce the limit of three consecutive invalid logon attempts by a user. | DISA STIG Apple Mac OSX 10.14 v2r6 | Unix | ACCESS CONTROL |
| AOSX-15-000020 - The macOS system must enforce the limit of three consecutive invalid logon attempts by a user. | DISA STIG Apple Mac OSX 10.15 v1r10 | Unix | ACCESS CONTROL |
| APPL-14-000060 The macOS system must set account lockout time to 15 minutes. | DISA Apple macOS 14 (Sonoma) STIG v2r3 | Unix | ACCESS CONTROL |
| APPL-15-000022 - The macOS system must limit consecutive failed login attempts to three. | DISA Apple macOS 15 (Sequoia) STIG v1r3 | Unix | ACCESS CONTROL |
| CISC-ND-000150 - The Cisco router must be configured to enforce the limit of three consecutive invalid logon attempts, after which time it must lock out the user account from accessing the device for 15 minutes. | DISA STIG Cisco IOS XE Router NDM v3r2 | Cisco | ACCESS CONTROL |
| CISC-ND-000150 - The Cisco switch must be configured to enforce the limit of three consecutive invalid logon attempts, after which time it must disconnect the session. | DISA Cisco NX OS Switch NDM STIG v3r3 | Cisco | ACCESS CONTROL |
| CISC-ND-000150 - The Cisco switch must be configured to enforce the limit of three consecutive invalid logon attempts, after which time it must lock out the user account from accessing the device for 15 minutes. | DISA STIG Cisco IOS XE Switch NDM v3r2 | Cisco | ACCESS CONTROL |
| CISC-ND-000150 - The Cisco switch must be configured to enforce the limit of three consecutive invalid logon attempts, after which time it must lock out the user account from accessing the device for 15 minutes. | DISA STIG Cisco IOS Switch NDM v3r2 | Cisco | ACCESS CONTROL |
| ESXI-65-000005 - The ESXi host must enforce the limit of three consecutive invalid logon attempts by a user. | DISA STIG VMware vSphere ESXi 6.5 v2r4 | VMware | ACCESS CONTROL |
| GOOG-09-000500 - The Google Android Pie must be configured to not allow more than 10 consecutive failed authentication attempts. | AirWatch - DISA Google Android 9.x v2r1 | MDM | ACCESS CONTROL |
| GOOG-09-000500 - The Google Android Pie must be configured to not allow more than 10 consecutive failed authentication attempts. | MobileIron - DISA Google Android 9.x v2r1 | MDM | ACCESS CONTROL |
| GOOG-10-000500 - Google Android 10 must be configured to not allow more than 10 consecutive failed authentication attempts. | AirWatch - DISA Google Android 10.x v2r1 | MDM | ACCESS CONTROL |
| GOOG-10-000500 - Google Android 10 must be configured to not allow more than 10 consecutive failed authentication attempts. | MobileIron - DISA Google Android 10.x v2r1 | MDM | ACCESS CONTROL |
| JUNI-ND-000150 - The Juniper router must be configured to enforce the limit of three consecutive invalid logon attempts after which time lock out the user account from accessing the device for 15 minutes. | DISA STIG Juniper Router NDM v3r2 | Juniper | ACCESS CONTROL |
| JUSX-DM-000030 - For local accounts created on the device, the Juniper SRX Services Gateway must enforce the limit of three consecutive invalid logon attempts by a user during a 15-minute time period. | DISA Juniper SRX Services Gateway NDM v3r2 | Juniper | ACCESS CONTROL |
| OL6-00-000061 - The system must disable accounts after three consecutive unsuccessful logon attempts - system-auth | DISA STIG Oracle Linux 6 v2r7 | Unix | ACCESS CONTROL |
| OL08-00-020012 - OL 8 systems below version 8.2 must automatically lock an account when three unsuccessful logon attempts occur during a 15-minute time period. | DISA Oracle Linux 8 STIG v2r4 | Unix | ACCESS CONTROL |
| OL08-00-020013 - OL 8 systems, versions 8.2 and above, must automatically lock an account when three unsuccessful logon attempts occur during a 15-minute time period. | DISA Oracle Linux 8 STIG v2r4 | Unix | ACCESS CONTROL |
| OL08-00-020015 - OL 8 systems, versions 8.2 and above, must automatically lock an account until the locked account is released by an administrator when three unsuccessful logon attempts occur during a 15-minute time period. | DISA Oracle Linux 8 STIG v2r4 | Unix | ACCESS CONTROL |
| OL08-00-020017 - OL 8 systems, versions 8.2 and above, must ensure account lockouts persist. | DISA Oracle Linux 8 STIG v2r4 | Unix | ACCESS CONTROL |
| OL08-00-020018 - OL 8 systems below version 8.2 must prevent system messages from being presented when three unsuccessful logon attempts occur. | DISA Oracle Linux 8 STIG v2r4 | Unix | ACCESS CONTROL |
| OL08-00-020019 - OL 8 systems, versions 8.2 and above, must prevent system messages from being presented when three unsuccessful logon attempts occur. | DISA Oracle Linux 8 STIG v2r4 | Unix | ACCESS CONTROL |
| OL08-00-020020 - OL 8 systems below version 8.2 must log user name information when unsuccessful logon attempts occur. | DISA Oracle Linux 8 STIG v2r4 | Unix | ACCESS CONTROL |
| OL08-00-020021 - OL 8 systems, versions 8.2 and above, must log user name information when unsuccessful logon attempts occur. | DISA Oracle Linux 8 STIG v2r4 | Unix | ACCESS CONTROL |
| OL08-00-020025 - OL 8 must configure the use of the pam_faillock.so module in the /etc/pam.d/system-auth file. | DISA Oracle Linux 8 STIG v2r4 | Unix | ACCESS CONTROL |
| OL08-00-020026 - OL 8 must configure the use of the pam_faillock.so module in the /etc/pam.d/password-auth file. | DISA Oracle Linux 8 STIG v2r4 | Unix | ACCESS CONTROL |
| OL08-00-020028 - OL 8 systems below version 8.2 must configure SELinux context type to allow the use of a non-default faillock tally directory. | DISA Oracle Linux 8 STIG v2r4 | Unix | ACCESS CONTROL |
| PHTN-30-000002 - The Photon operating system must automatically lock an account when three unsuccessful logon attempts occur. | DISA STIG VMware vSphere 7.0 Photon OS v1r4 | Unix | ACCESS CONTROL |
| PHTN-67-000002 - The Photon operating system must automatically lock an account when three unsuccessful logon attempts occur. | DISA STIG VMware vSphere 6.7 Photon OS v1r6 | Unix | ACCESS CONTROL |
| RHEL-06-000061 - The system must disable accounts after three consecutive unsuccessful logon attempts - 'password-auth [default=die]' | DISA Red Hat Enterprise Linux 6 STIG v2r2 | Unix | ACCESS CONTROL |
| RHEL-06-000061 - The system must disable accounts after three consecutive unsuccessful logon attempts - 'password-auth required'. | DISA Red Hat Enterprise Linux 6 STIG v2r2 | Unix | ACCESS CONTROL |
| RHEL-06-000061 - The system must disable accounts after three consecutive unsuccessful logon attempts - 'system-auth [default=die]' | DISA Red Hat Enterprise Linux 6 STIG v2r2 | Unix | ACCESS CONTROL |
| RHEL-06-000061 - The system must disable accounts after three consecutive unsuccessful logon attempts - 'system-auth required' | DISA Red Hat Enterprise Linux 6 STIG v2r2 | Unix | ACCESS CONTROL |
| RHEL-08-020027 - RHEL 8 systems, versions 8.2 and above, must configure SELinux context type to allow the use of a non-default faillock tally directory. | DISA Red Hat Enterprise Linux 8 STIG v2r3 | Unix | ACCESS CONTROL |
| RHEL-09-411075 - RHEL 9 must automatically lock an account when three unsuccessful logon attempts occur. | DISA Red Hat Enterprise Linux 9 STIG v2r4 | Unix | ACCESS CONTROL |
| RHEL-09-411090 - RHEL 9 must maintain an account lock until the locked account is released by an administrator. | DISA Red Hat Enterprise Linux 9 STIG v2r4 | Unix | ACCESS CONTROL |
| SLES-12-010130 - The SUSE operating system must lock an account after three consecutive invalid access attempts. | DISA SLES 12 STIG v3r2 | Unix | ACCESS CONTROL |
| SOL-11.1-040140 - The system must disable accounts after three consecutive unsuccessful login attempts. | DISA STIG Solaris 11 X86 v3r1 | Unix | ACCESS CONTROL |
| SPLK-CL-000240 - Splunk Enterprise must enforce the limit of 3 consecutive invalid logon attempts by a user during a 15 minute time period. | DISA STIG Splunk Enterprise 7.x for Windows v3r1 REST API | Splunk | ACCESS CONTROL |
| UBTU-20-010072 - The Ubuntu operating system must automatically lock an account until the locked account is released by an administrator when three unsuccessful logon attempts have been made. | DISA Canonical Ubuntu 20.04 LTS STIG v2r2 | Unix | ACCESS CONTROL |
| UBTU-22-411045 - Ubuntu 22.04 LTS must automatically lock an account until the locked account is released by an administrator when three unsuccessful logon attempts have been made. | DISA Canonical Ubuntu 22.04 LTS STIG v2r4 | Unix | ACCESS CONTROL |
| UBTU-24-200610 - Ubuntu 24.04 LTS must automatically lock an account until the locked account is released by an administrator when three unsuccessful logon attempts have been made. | DISA Canonical Ubuntu 24.04 LTS STIG v1r1 | Unix | ACCESS CONTROL |
| WBLC-01-000032 - Oracle WebLogic must limit the number of failed login attempts to an organization-defined number of consecutive invalid attempts that occur within an organization-defined time period. | Oracle WebLogic Server 12c Windows v2r2 | Windows | ACCESS CONTROL |
| WN10-AC-000010 - The number of allowed bad logon attempts must be configured to 3 or less. | DISA Microsoft Windows 10 STIG v3r4 | Windows | ACCESS CONTROL |
| WN12-AC-000002 - The number of allowed bad logon attempts must meet minimum requirements. | DISA Windows Server 2012 and 2012 R2 MS STIG v3r7 | Windows | ACCESS CONTROL |
| WN16-AC-000020 - Windows Server 2016 must have the number of allowed bad logon attempts configured to three or less. | DISA Microsoft Windows Server 2016 STIG v2r10 | Windows | ACCESS CONTROL |
