800-53|AC-7

Title

UNSUCCESSFUL LOGON ATTEMPTS

Description

The information system:

Supplemental

This control applies regardless of whether the logon occurs via a local or network connection. Due to the potential for denial of service, automatic lockouts initiated by information systems are usually temporary and automatically release after a predetermined time period established by organizations. If a delay algorithm is selected, organizations may choose to employ different algorithms for different information system components based on the capabilities of those components. Responses to unsuccessful logon attempts may be implemented at both the operating system and the application levels.

Reference Item Details

Related: AC-14,AC-2,AC-9,IA-5

Category: ACCESS CONTROL

Family: ACCESS CONTROL

Priority: P2

Baseline Impact: LOW,MODERATE,HIGH

Audit Items

View all Reference Audit Items

NamePluginAudit Name
1.2.1 Ensure 'Account lockout duration' is set to '15 or more minute(s)'WindowsCIS Windows Server 2012 R2 MS L1 v2.5.0
1.2.1 Ensure 'Account lockout duration' is set to '15 or more minute(s)'WindowsCIS Windows Server 2012 R2 DC L1 v2.5.0
1.2.1 Ensure 'Account lockout duration' is set to '15 or more minute(s)'WindowsCIS Microsoft Windows Server 2019 STIG DC STIG v1.0.1
1.2.1 Ensure 'Account lockout duration' is set to '15 or more minute(s)'WindowsCIS Microsoft Windows Server 2019 STIG MS L1 v1.0.1
1.2.1 Ensure 'Account lockout duration' is set to '15 or more minute(s)'WindowsCIS Microsoft Windows Server 2019 DC L1 v1.3.0
1.2.1 Ensure 'Account lockout duration' is set to '15 or more minute(s)'WindowsCIS Microsoft Windows Server 2019 MS L1 v1.3.0
1.2.1 Ensure 'Account lockout duration' is set to '15 or more minute(s)'WindowsCIS Microsoft Windows 11 Enterprise v1.0.0 L1
1.2.1 Ensure 'Account lockout duration' is set to '15 or more minute(s)'WindowsCIS Microsoft Windows 11 Enterprise v1.0.0 L1 + BL
1.2.1 Ensure 'Account lockout duration' is set to '15 or more minute(s)'WindowsCIS Microsoft Windows Server 2022 v1.0.0 L1 MS
1.2.1 Ensure 'Account lockout duration' is set to '15 or more minute(s)'WindowsCIS Microsoft Windows 10 Enterprise v1.12.0 L1 + NG
1.2.1 Ensure 'Account lockout duration' is set to '15 or more minute(s)'WindowsCIS Microsoft Windows 10 Enterprise v1.12.0 L1
1.2.1 Ensure 'Account lockout duration' is set to '15 or more minute(s)'WindowsCIS Microsoft Windows 10 Enterprise v1.12.0 L1 + BL
1.2.1 Ensure 'Account lockout duration' is set to '15 or more minute(s)'WindowsCIS Microsoft Windows Server 2016 STIG MS STIG v1.1.0
1.2.1 Ensure 'Account lockout duration' is set to '15 or more minute(s)'WindowsCIS Microsoft Windows Server 2016 MS L1 v1.3.0
1.2.1 Ensure 'Account lockout duration' is set to '15 or more minute(s)'WindowsCIS Microsoft Windows Server 2016 DC L1 v1.3.0
1.2.1 Ensure 'Account lockout duration' is set to '15 or more minute(s)'WindowsCIS Microsoft Windows 10 Enterprise v1.12.0 L1 + BL + NG
1.2.1 Ensure 'Account lockout duration' is set to '15 or more minute(s)'WindowsCIS Microsoft Windows 11 Enterprise v1.0.0 L1 + BL + NG
1.2.1 Ensure 'Account lockout duration' is set to '15 or more minute(s)'WindowsCIS Microsoft Windows Server 2022 v1.0.0 L1 DC
1.2.1 Ensure 'Account lockout duration' is set to '15 or more minute(s)'WindowsCIS Microsoft Windows 11 Enterprise v1.0.0 L1 + NG
1.2.1 Ensure 'Account lockout duration' is set to '15 or more minute(s)'WindowsCIS Microsoft Windows Server 2019 STIG MS STIG v1.0.1
1.2.1 Ensure 'Account lockout duration' is set to '15 or more minute(s)'WindowsCIS Microsoft Windows Server 2016 STIG DC L1 v1.1.0
1.2.1 Ensure 'Account lockout duration' is set to '15 or more minute(s)'WindowsCIS Microsoft Windows Server 2016 STIG DC STIG v1.1.0
1.2.1 Ensure 'Account lockout duration' is set to '15 or more minute(s)'WindowsCIS Microsoft Windows Server 2016 STIG MS L1 v1.1.0
1.2.1 Ensure 'Account lockout duration' is set to '15 or more minute(s)'WindowsCIS Microsoft Windows Server 2019 STIG DC L1 v1.0.1
1.2.2 Ensure 'Account lockout threshold' is set to '3 or fewer invalid logon attempt(s), but not 0'WindowsCIS Microsoft Windows Server 2016 STIG DC STIG v1.1.0
1.2.2 Ensure 'Account lockout threshold' is set to '3 or fewer invalid logon attempt(s), but not 0'WindowsCIS Microsoft Windows Server 2019 STIG MS STIG v1.0.1
1.2.2 Ensure 'Account lockout threshold' is set to '3 or fewer invalid logon attempt(s), but not 0'WindowsCIS Microsoft Windows Server 2019 STIG DC STIG v1.0.1
1.2.2 Ensure 'Account lockout threshold' is set to '3 or fewer invalid logon attempt(s), but not 0'WindowsCIS Microsoft Windows Server 2016 STIG MS STIG v1.1.0
1.2.2 Ensure 'Account lockout threshold' is set to '5 or fewer invalid logon attempt(s), but not 0'WindowsCIS Microsoft Windows Server 2016 DC L1 v1.3.0
1.2.2 Ensure 'Account lockout threshold' is set to '5 or fewer invalid logon attempt(s), but not 0'WindowsCIS Windows Server 2012 R2 MS L1 v2.5.0
1.2.2 Ensure 'Account lockout threshold' is set to '5 or fewer invalid logon attempt(s), but not 0'WindowsCIS Windows Server 2012 R2 DC L1 v2.5.0
1.2.2 Ensure 'Account lockout threshold' is set to '5 or fewer invalid logon attempt(s), but not 0'WindowsCIS Microsoft Windows Server 2019 DC L1 v1.3.0
1.2.2 Ensure 'Account lockout threshold' is set to '5 or fewer invalid logon attempt(s), but not 0'WindowsCIS Microsoft Windows 11 Enterprise v1.0.0 L1 + BL + NG
1.2.2 Ensure 'Account lockout threshold' is set to '5 or fewer invalid logon attempt(s), but not 0'WindowsCIS Microsoft Windows Server 2019 MS L1 v1.3.0
1.2.2 Ensure 'Account lockout threshold' is set to '5 or fewer invalid logon attempt(s), but not 0'WindowsCIS Microsoft Windows 11 Enterprise v1.0.0 L1 + BL
1.2.2 Ensure 'Account lockout threshold' is set to '5 or fewer invalid logon attempt(s), but not 0'WindowsCIS Microsoft Windows 10 Enterprise v1.12.0 L1 + NG
1.2.2 Ensure 'Account lockout threshold' is set to '5 or fewer invalid logon attempt(s), but not 0'WindowsCIS Microsoft Windows 10 Enterprise v1.12.0 L1
1.2.2 Ensure 'Account lockout threshold' is set to '5 or fewer invalid logon attempt(s), but not 0'WindowsCIS Microsoft Windows Server 2016 MS L1 v1.3.0
1.2.2 Ensure 'Account lockout threshold' is set to '5 or fewer invalid logon attempt(s), but not 0'WindowsCIS Microsoft Windows 10 Enterprise v1.12.0 L1 + BL
1.2.2 Ensure 'Account lockout threshold' is set to '5 or fewer invalid logon attempt(s), but not 0'WindowsCIS Microsoft Windows 10 Enterprise v1.12.0 L1 + BL + NG
1.2.2 Ensure 'Account lockout threshold' is set to '5 or fewer invalid logon attempt(s), but not 0'WindowsCIS Microsoft Windows Server 2022 v1.0.0 L1 MS
1.2.2 Ensure 'Account lockout threshold' is set to '5 or fewer invalid logon attempt(s), but not 0'WindowsCIS Microsoft Windows Server 2022 v1.0.0 L1 DC
1.2.2 Ensure 'Account lockout threshold' is set to '5 or fewer invalid logon attempt(s), but not 0'WindowsCIS Microsoft Windows 11 Enterprise v1.0.0 L1
1.2.2 Ensure 'Account lockout threshold' is set to '5 or fewer invalid logon attempt(s), but not 0'WindowsCIS Microsoft Windows 11 Enterprise v1.0.0 L1 + NG
1.2.3 - /etc/security/login.cfg - 'loginreenable >= 360'UnixCIS AIX 5.3/6.1 L1 v1.1.0
1.2.3 Ensure 'Account lockout threshold' is set to '5 or fewer invalid logon attempt(s), but not 0'WindowsCIS Microsoft Windows Server 2016 STIG DC L1 v1.1.0
1.2.3 Ensure 'Account lockout threshold' is set to '5 or fewer invalid logon attempt(s), but not 0'WindowsCIS Microsoft Windows Server 2016 STIG MS L1 v1.1.0
1.2.3 Ensure 'Account lockout threshold' is set to '10 or fewer invalid logon attempt(s), but not 0'WindowsCIS Microsoft Windows Server 2019 STIG MS L1 v1.0.1
1.2.3 Ensure 'Account lockout threshold' is set to '10 or fewer invalid logon attempt(s), but not 0'WindowsCIS Microsoft Windows Server 2019 STIG DC L1 v1.0.1
1.2.3 Ensure 'Reset account lockout counter after' is set to '15 or more minute(s)'WindowsCIS Microsoft Windows Server 2016 DC L1 v1.3.0