Detections
Analytics

CCI|CCI-002238

Title

Automatically lock the account or node for either an organization-defined time period, until the locked account or node is released by an administrator, or delays the next logon prompt according to the organization-defined delay algorithm when the maximum number of unsuccessful logon attempts is exceeded.

Reference Item Details

Category: 2024

Audit Items

View all Reference Audit Items

NamePluginAudit Name
1.9 APPL-14-000022UnixCIS Apple macOS 14 (Sonoma) STIG v1.0.0 CAT II
1.21 APPL-14-000060UnixCIS Apple macOS 14 (Sonoma) STIG v1.0.0 CAT II
1.47 UBTU-24-200610UnixCIS Ubuntu Linux 24.04 LTS STIG v1.0.0 CAT III
1.80 UBTU-22-411045UnixCIS Ubuntu Linux 22.04 LTS STIG v1.0.0 CAT III
1.136 OL08-00-020010UnixCIS Oracle Linux 8 STIG v1.0.0 CAT II
1.137 OL08-00-020011UnixCIS Oracle Linux 8 STIG v1.0.0 CAT II
1.138 OL08-00-020012UnixCIS Oracle Linux 8 STIG v1.0.0 CAT II
1.139 OL08-00-020013UnixCIS Oracle Linux 8 STIG v1.0.0 CAT II
1.140 OL08-00-020014UnixCIS Oracle Linux 8 STIG v1.0.0 CAT II
1.141 OL08-00-020015UnixCIS Oracle Linux 8 STIG v1.0.0 CAT II
1.142 OL08-00-020016UnixCIS Oracle Linux 8 STIG v1.0.0 CAT II
1.143 OL08-00-020017UnixCIS Oracle Linux 8 STIG v1.0.0 CAT II
1.144 OL08-00-020018UnixCIS Oracle Linux 8 STIG v1.0.0 CAT II
1.145 OL08-00-020019UnixCIS Oracle Linux 8 STIG v1.0.0 CAT II
1.146 OL08-00-020020UnixCIS Oracle Linux 8 STIG v1.0.0 CAT II
1.147 OL08-00-020021UnixCIS Oracle Linux 8 STIG v1.0.0 CAT II
1.148 OL08-00-020022UnixCIS Oracle Linux 8 STIG v1.0.0 CAT II
1.149 OL08-00-020023UnixCIS Oracle Linux 8 STIG v1.0.0 CAT II
1.151 OL08-00-020025UnixCIS Oracle Linux 8 STIG v1.0.0 CAT II
1.152 OL08-00-020026UnixCIS Oracle Linux 8 STIG v1.0.0 CAT II
1.153 OL08-00-020027UnixCIS Oracle Linux 8 STIG v1.0.0 CAT II
1.154 OL08-00-020028UnixCIS Oracle Linux 8 STIG v1.0.0 CAT II
1.279 RHEL-09-411075UnixCIS Red Hat Enterprise Linux 9 STIG v1.0.0 CAT II
1.280 RHEL-09-411080UnixCIS Red Hat Enterprise Linux 9 STIG v1.0.0 CAT II
1.281 RHEL-09-411085UnixCIS Red Hat Enterprise Linux 9 STIG v1.0.0 CAT II
1.282 RHEL-09-411090UnixCIS Red Hat Enterprise Linux 9 STIG v1.0.0 CAT II
4.003 - Time before bad-logon counter is reset does not meet minimum requirements.WindowsDISA Windows Vista STIG v6r41
4.004 - Lockout duration does not meet minimum requirements.WindowsDISA Windows Vista STIG v6r41
5.4.12 Ensure accounts lock for a minimum of 15 minutes after three unsuccessful logon attempts within a 15-minute timeframe - password-auth denyUnixCIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
5.4.12 Ensure accounts lock for a minimum of 15 minutes after three unsuccessful logon attempts within a 15-minute timeframe - password-auth even_deny_rootUnixCIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
5.4.12 Ensure accounts lock for a minimum of 15 minutes after three unsuccessful logon attempts within a 15-minute timeframe - password-auth fail_intervalUnixCIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
5.4.12 Ensure accounts lock for a minimum of 15 minutes after three unsuccessful logon attempts within a 15-minute timeframe - password-auth unlock_timeUnixCIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
5.4.12 Ensure accounts lock for a minimum of 15 minutes after three unsuccessful logon attempts within a 15-minute timeframe - system-auth denyUnixCIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
5.4.12 Ensure accounts lock for a minimum of 15 minutes after three unsuccessful logon attempts within a 15-minute timeframe - system-auth even_deny_rootUnixCIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
5.4.12 Ensure accounts lock for a minimum of 15 minutes after three unsuccessful logon attempts within a 15-minute timeframe - system-auth fail_intervalUnixCIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
5.4.12 Ensure accounts lock for a minimum of 15 minutes after three unsuccessful logon attempts within a 15-minute timeframe - system-auth unlock_timeUnixCIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
5.4.13 Ensure lockout for unsuccessful root logon attemptsUnixCIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
5.4.13 Ensure lockout for unsuccessful root logon attempts - password-auth defaultUnixCIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
5.4.13 Ensure lockout for unsuccessful root logon attempts - system-auth defaultUnixCIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
5.4.13 Ensure lockout for unsuccessful root logon attempts - system-auth requiredUnixCIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
AIX7-00-001003 - AIX must enforce the limit of three consecutive invalid login attempts by a user before the user account is locked and released by an administrator.UnixDISA STIG AIX 7.x v3r1
ALMA-09-008160 - AlmaLinux OS 9 must maintain an account lock until the locked account is manually released by an administrator; and not automatically after a set time.UnixDISA CloudLinux AlmaLinux OS 9 STIG v1r3
ALMA-09-008270 - AlmaLinux OS 9 must ensure account locks persist across reboots.UnixDISA CloudLinux AlmaLinux OS 9 STIG v1r3
ALMA-09-008380 - AlmaLinux OS 9 must configure the appropriate SELinux context on the nondefault faillock tally directory.UnixDISA CloudLinux AlmaLinux OS 9 STIG v1r3
AOSX-13-001324 - The macOS system must enforce an account lockout time period of 15 minutes in which a user makes three consecutive invalid logon attempts.UnixDISA STIG Apple Mac OSX 10.13 v2r5
AOSX-13-001327 - The macOS system must enforce the limit of three consecutive invalid logon attempts by a user before the user account is locked.UnixDISA STIG Apple Mac OSX 10.13 v2r5
AOSX-14-000021 - The macOS system must enforce an account lockout time period of 15 minutes in which a user makes three consecutive invalid logon attempts.UnixDISA STIG Apple Mac OSX 10.14 v2r6
AOSX-14-000022 - The macOS system must enforce the limit of three consecutive invalid logon attempts by a user before the user account is locked.UnixDISA STIG Apple Mac OSX 10.14 v2r6
AOSX-15-000021 - The macOS system must enforce an account lockout time period of 15 minutes in which a user makes three consecutive invalid logon attempts.UnixDISA STIG Apple Mac OSX 10.15 v1r10
AOSX-15-000022 - The macOS system must enforce the limit of three consecutive invalid logon attempts by a user before the user account is locked.UnixDISA STIG Apple Mac OSX 10.15 v1r10