CSCv6|16.7

Title

Use and configure account lockouts such that after a set number of failed login attempts the account is locked for a standard period of time.

Description

Use and configure account lockouts such that after a set number of failed login attempts the account is locked for a standard period of time.

Reference Item Details

Category: Account Monitoring and Control

Family: Application

Audit Items

View all Reference Audit Items

NamePluginAudit Name
1.1.1.1 Set 'Account lockout threshold' to '5 invalid logon attempt(s)'WindowsCIS Windows 8 L1 v1.0.0
1.1.1.1.2.1 Set 'Reset account lockout counter after' to '15' or moreWindowsCIS Windows 2003 MS v3.1.0
1.1.1.1.2.1 Set 'Reset account lockout counter after' to '15' or moreWindowsCIS Windows 2003 DC v3.1.0
1.1.1.1.2.2 Set 'Account lockout duration' to '15' or greaterWindowsCIS Windows 2003 MS v3.1.0
1.1.1.1.2.2 Set 'Account lockout duration' to '15' or greaterWindowsCIS Windows 2003 DC v3.1.0
1.1.1.1.2.3 Set 'Account lockout threshold' is set to '6' or fewerWindowsCIS Windows 2003 DC v3.1.0
1.1.1.1.2.3 Set 'Account lockout threshold' is set to '6' or fewerWindowsCIS Windows 2003 MS v3.1.0
1.1.1.2 Set 'Account lockout duration' to '15 or more minute(s)'WindowsCIS Windows 8 L1 v1.0.0
1.1.1.3 Set 'Reset account lockout counter after' to '15 minute(s)'WindowsCIS Windows 8 L1 v1.0.0
1.1.2.31 Set 'Audit Policy: Logon-Logoff: Account Lockout' to 'No Auditing'WindowsCIS Windows 8 L1 v1.0.0
1.1.3.6.1 Set 'Interactive logon: Machine account lockout threshold' to 10 or fewer invalid logon attemptsWindowsCIS Windows 8 L1 v1.0.0
1.1.7 Account lockout durationWindowsCIS Windows 2008 SSLF v1.2.0
1.1.7 Account lockout durationWindowsCIS Windows 2008 Enterprise v1.2.0
1.1.8 Account lockout thresholdWindowsCIS Windows 2008 SSLF v1.2.0
1.1.8 Account lockout thresholdWindowsCIS Windows 2008 Enterprise v1.2.0
1.1.9 Reset account lockout counter afterWindowsCIS Windows 2008 Enterprise v1.2.0
1.1.9 Reset account lockout counter afterWindowsCIS Windows 2008 SSLF v1.2.0
1.2.1 (L1) Ensure 'Account lockout duration' is set to '15 or more minute(s)'WindowsCIS Microsoft Windows 8.1 v2.4.0 L1 Bitlocker
1.2.1 (L1) Ensure 'Account lockout duration' is set to '15 or more minute(s)'WindowsCIS Microsoft Windows 10 Enterprise (Release 1803) v1.5.0 Level 1
1.2.1 (L1) Ensure 'Account lockout duration' is set to '15 or more minute(s)'WindowsCIS Microsoft Windows 8.1 v2.4.0 L1
1.2.1 (L1) Ensure 'Account lockout duration' is set to '15 or more minute(s)'WindowsCIS Microsoft Windows 8.1 v2.4.1 L1 Bitlocker
1.2.1 (L1) Ensure 'Account lockout duration' is set to '15 or more minute(s)'WindowsCIS Microsoft Windows 10 Enterprise (Release 1607) v1.2.0 Level 1 Bitlocker
1.2.1 Ensure 'Account lockout duration' is set to '15 or more minute(s)'WindowsCIS Windows Server 2012 MS L1 v2.1.0
1.2.1 Ensure 'Account lockout duration' is set to '15 or more minute(s)'WindowsCIS Microsoft Windows Server 2008 Domain Controller Level 1 v3.2.0
1.2.1 Ensure 'Account lockout duration' is set to '15 or more minute(s)'WindowsCIS Microsoft Windows Server 2008 Member Server Level 1 v3.1.0
1.2.1 Ensure 'Account lockout duration' is set to '15 or more minute(s)'WindowsCIS Microsoft Windows Server 2008 R2 Domain Controller Level 1 v3.1.0
1.2.1 Ensure 'Account lockout duration' is set to '15 or more minute(s)'WindowsCIS Microsoft Windows 11 Enterprise v1.0.0 L1 + BL
1.2.1 Ensure 'Account lockout duration' is set to '15 or more minute(s)'WindowsCIS Microsoft Windows 10 Enterprise (Release 1809) v1.6.1 L1 + BL
1.2.1 Ensure 'Account lockout duration' is set to '15 or more minute(s)'WindowsCIS Microsoft Windows 10 Enterprise (Release 21H1) v1.11.0 L1
1.2.1 Ensure 'Account lockout duration' is set to '15 or more minute(s)'WindowsCIS Windows Server 2012 DC L1 v2.1.0
1.2.1 Ensure 'Account lockout duration' is set to '15 or more minute(s)'WindowsCIS Windows 7 Workstation Level 1 v3.1.0
1.2.1 Ensure 'Account lockout duration' is set to '15 or more minute(s)'WindowsCIS Windows 7 Workstation Level 1 v3.2.0
1.2.1 Ensure 'Account lockout duration' is set to '15 or more minute(s)'WindowsCIS Microsoft Windows 8.1 L1 v2.3.0
1.2.1 Ensure 'Account lockout duration' is set to '15 or more minute(s)'WindowsCIS Microsoft Windows 10 Enterprise (Release 21H1) v1.11.0 L1 + NG
1.2.1 Ensure 'Account lockout duration' is set to '15 or more minute(s)'WindowsCIS Microsoft Windows 10 Enterprise (Release 20H2) v1.10.1 L1 + BL
1.2.1 Ensure 'Account lockout duration' is set to '15 or more minute(s)'WindowsCIS Microsoft Windows 10 Enterprise (Release 21H1) v1.11.0 L1 + BL + NG
1.2.1 Ensure 'Account lockout duration' is set to '15 or more minute(s)'WindowsCIS Microsoft Windows Server 2008 R2 Domain Controller Level 1 v3.2.0
1.2.1 Ensure 'Account lockout duration' is set to '15 or more minute(s)'WindowsCIS Microsoft Windows 11 Enterprise v1.0.0 L1 + NG
1.2.1 Ensure 'Account lockout duration' is set to '15 or more minute(s)'WindowsCIS Microsoft Windows Server 2016 MS L1 v1.3.0
1.2.1 Ensure 'Account lockout duration' is set to '15 or more minute(s)'WindowsCIS Microsoft Windows 10 Enterprise (Release 1809) v1.6.1 L1 + NG
1.2.1 Ensure 'Account lockout duration' is set to '15 or more minute(s)'WindowsCIS Windows Server 2012 R2 MS L1 v2.4.0
1.2.1 Ensure 'Account lockout duration' is set to '15 or more minute(s)'WindowsCIS Microsoft Windows 10 Enterprise (Release 20H2) v1.10.1 L1 + BL + NG
1.2.1 Ensure 'Account lockout duration' is set to '15 or more minute(s)'WindowsCIS Microsoft Windows 10 Enterprise (Release 1903) v1.7.1 L1 + BL + NG
1.2.1 Ensure 'Account lockout duration' is set to '15 or more minute(s)'WindowsCIS Microsoft Windows 10 Enterprise (Release 1909) v1.8.1 L1 + BL
1.2.1 Ensure 'Account lockout duration' is set to '15 or more minute(s)'WindowsCIS Microsoft Windows 10 Enterprise (Release 2004) v1.9.1 L1 + BL
1.2.1 Ensure 'Account lockout duration' is set to '15 or more minute(s)'WindowsCIS Microsoft Windows 10 Enterprise (Release 2004) v1.9.1 L1 + BL + NG
1.2.1 Ensure 'Account lockout duration' is set to '15 or more minute(s)'WindowsCIS Windows Server 2012 MS L1 v2.2.0
1.2.1 Ensure 'Account lockout duration' is set to '15 or more minute(s)'WindowsCIS Windows Server 2012 R2 MS L1 v2.5.0
1.2.1 Ensure 'Account lockout duration' is set to '15 or more minute(s)'WindowsCIS Microsoft Windows Server 2008 R2 Member Server Level 1 v3.1.0
1.119 - When passwords are changed or new passwords are established, pwquality must be used.UnixTenable Fedora Linux Best Practices v2.0.0