CSCv6|16.7

Title

Use and configure account lockouts such that after a set number of failed login attempts the account is locked for a standard period of time.

Description

Use and configure account lockouts such that after a set number of failed login attempts the account is locked for a standard period of time.

Reference Item Details

Category: Account Monitoring and Control

Family: Application

Audit Items

View all Reference Audit Items

NamePluginAudit Name
1.1.1.1 Set 'Account lockout threshold' to '5 invalid logon attempt(s)'WindowsCIS Windows 8 L1 v1.0.0
1.1.1.2 Set 'Account lockout duration' to '15 or more minute(s)'WindowsCIS Windows 8 L1 v1.0.0
1.1.1.3 Set 'Reset account lockout counter after' to '15 minute(s)'WindowsCIS Windows 8 L1 v1.0.0
1.1.2.31 Set 'Audit Policy: Logon-Logoff: Account Lockout' to 'No Auditing'WindowsCIS Windows 8 L1 v1.0.0
1.1.3.6.1 Set 'Interactive logon: Machine account lockout threshold' to 10 or fewer invalid logon attemptsWindowsCIS Windows 8 L1 v1.0.0
1.2.1 (L1) Ensure 'Account lockout duration' is set to '15 or more minute(s)'WindowsCIS Microsoft Windows 8.1 v2.4.0 L1
1.2.1 (L1) Ensure 'Account lockout duration' is set to '15 or more minute(s)'WindowsCIS Microsoft Windows 8.1 v2.4.0 L1 Bitlocker
1.2.1 Ensure 'Account lockout duration' is set to '15 or more minute(s)'WindowsCIS Microsoft Windows Server 2008 Member Server Level 1 v3.2.0
1.2.1 Ensure 'Account lockout duration' is set to '15 or more minute(s)'WindowsCIS Windows 7 Workstation Level 1 v3.2.0
1.2.1 Ensure 'Account lockout duration' is set to '15 or more minute(s)'WindowsCIS Windows Server 2012 R2 MS L1 v2.5.0
1.2.1 Ensure 'Account lockout duration' is set to '15 or more minute(s)'WindowsCIS Windows Server 2012 R2 DC L1 v2.5.0
1.2.1 Ensure 'Account lockout duration' is set to '15 or more minute(s)'WindowsCIS Windows Server 2012 DC L1 v2.2.0
1.2.1 Ensure 'Account lockout duration' is set to '15 or more minute(s)'WindowsCIS Microsoft Windows Server 2008 Domain Controller Level 1 v3.2.0
1.2.1 Ensure 'Account lockout duration' is set to '15 or more minute(s)'WindowsCIS Microsoft Windows Server 2016 MS L1 v1.3.0
1.2.1 Ensure 'Account lockout duration' is set to '15 or more minute(s)'WindowsCIS Microsoft Windows 11 Enterprise v1.0.0 L1 + BL
1.2.1 Ensure 'Account lockout duration' is set to '15 or more minute(s)'WindowsCIS Microsoft Windows 11 Enterprise v1.0.0 L1
1.2.1 Ensure 'Account lockout duration' is set to '15 or more minute(s)'WindowsCIS Microsoft Windows Server 2016 DC L1 v1.3.0
1.2.1 Ensure 'Account lockout duration' is set to '15 or more minute(s)'WindowsCIS Windows Server 2012 MS L1 v2.2.0
1.2.1 Ensure 'Account lockout duration' is set to '15 or more minute(s)'WindowsCIS Microsoft Windows Server 2008 R2 Domain Controller Level 1 v3.2.0
1.2.1 Ensure 'Account lockout duration' is set to '15 or more minute(s)'WindowsCIS Microsoft Windows Server 2008 R2 Member Server Level 1 v3.2.0
1.2.1 Ensure 'Account lockout duration' is set to '15 or more minute(s)'WindowsCIS Microsoft Windows 11 Enterprise v1.0.0 L1 + NG
1.2.1 Ensure 'Account lockout duration' is set to '15 or more minute(s)'WindowsCIS Microsoft Windows 11 Enterprise v1.0.0 L1 + BL + NG
1.2.1 Ensure 'Account lockout duration' is set to '15 or more minute(s)'WindowsCIS Windows 7 Workstation Level 1 + Bitlocker v3.2.0
1.2.2 (L1) Ensure 'Account lockout threshold' is set to '10 or fewer invalid logon attempt(s), but not 0'WindowsCIS Microsoft Windows 8.1 v2.4.0 L1 Bitlocker
1.2.2 (L1) Ensure 'Account lockout threshold' is set to '10 or fewer invalid logon attempt(s), but not 0'WindowsCIS Microsoft Windows 8.1 v2.4.0 L1
1.2.2 Ensure 'Account lockout threshold' is set to '5 or fewer invalid logon attempt(s), but not 0'WindowsCIS Microsoft Windows Server 2016 DC L1 v1.3.0
1.2.2 Ensure 'Account lockout threshold' is set to '5 or fewer invalid logon attempt(s), but not 0'WindowsCIS Windows Server 2012 R2 MS L1 v2.5.0
1.2.2 Ensure 'Account lockout threshold' is set to '5 or fewer invalid logon attempt(s), but not 0'WindowsCIS Windows Server 2012 R2 DC L1 v2.5.0
1.2.2 Ensure 'Account lockout threshold' is set to '5 or fewer invalid logon attempt(s), but not 0'WindowsCIS Microsoft Windows Server 2016 MS L1 v1.3.0
1.2.2 Ensure 'Account lockout threshold' is set to '10 or fewer invalid logon attempt(s), but not 0'WindowsCIS Windows 7 Workstation Level 1 v3.2.0
1.2.2 Ensure 'Account lockout threshold' is set to '10 or fewer invalid logon attempt(s), but not 0'WindowsCIS Windows 7 Workstation Level 1 + Bitlocker v3.2.0
1.2.2 Ensure 'Account lockout threshold' is set to '10 or fewer invalid logon attempt(s), but not 0'WindowsCIS Windows Server 2012 MS L1 v2.2.0
1.2.2 Ensure 'Account lockout threshold' is set to '10 or fewer invalid logon attempt(s), but not 0'WindowsCIS Microsoft Windows Server 2008 Domain Controller Level 1 v3.2.0
1.2.2 Ensure 'Account lockout threshold' is set to '10 or fewer invalid logon attempt(s), but not 0'WindowsCIS Microsoft Windows Server 2008 Member Server Level 1 v3.2.0
1.2.2 Ensure 'Account lockout threshold' is set to '10 or fewer invalid logon attempt(s), but not 0'WindowsCIS Microsoft Windows Server 2008 R2 Domain Controller Level 1 v3.2.0
1.2.2 Ensure 'Account lockout threshold' is set to '10 or fewer invalid logon attempt(s), but not 0'WindowsCIS Microsoft Windows Server 2008 R2 Member Server Level 1 v3.2.0
1.2.2 Ensure 'Account lockout threshold' is set to '10 or fewer invalid logon attempt(s), but not 0'WindowsCIS Windows Server 2012 DC L1 v2.2.0
1.2.3 (L1) Ensure 'Reset account lockout counter after' is set to '15 or more minute(s)'WindowsCIS Microsoft Windows 8.1 v2.4.0 L1 Bitlocker
1.2.3 (L1) Ensure 'Reset account lockout counter after' is set to '15 or more minute(s)'WindowsCIS Microsoft Windows 8.1 v2.4.0 L1
1.2.3 Ensure 'Reset account lockout counter after' is set to '15 or more minute(s)'WindowsCIS Microsoft Windows Server 2008 Member Server Level 1 v3.2.0
1.2.3 Ensure 'Reset account lockout counter after' is set to '15 or more minute(s)'WindowsCIS Microsoft Windows Server 2016 DC L1 v1.3.0
1.2.3 Ensure 'Reset account lockout counter after' is set to '15 or more minute(s)'WindowsCIS Windows Server 2012 R2 MS L1 v2.5.0
1.2.3 Ensure 'Reset account lockout counter after' is set to '15 or more minute(s)'WindowsCIS Microsoft Windows 11 Enterprise v1.0.0 L1 + BL
1.2.3 Ensure 'Reset account lockout counter after' is set to '15 or more minute(s)'WindowsCIS Microsoft Windows 11 Enterprise v1.0.0 L1 + NG
1.2.3 Ensure 'Reset account lockout counter after' is set to '15 or more minute(s)'WindowsCIS Microsoft Windows Server 2008 R2 Member Server Level 1 v3.2.0
1.2.3 Ensure 'Reset account lockout counter after' is set to '15 or more minute(s)'WindowsCIS Windows Server 2012 MS L1 v2.2.0
1.2.3 Ensure 'Reset account lockout counter after' is set to '15 or more minute(s)'WindowsCIS Microsoft Windows Server 2008 Domain Controller Level 1 v3.2.0
1.2.3 Ensure 'Reset account lockout counter after' is set to '15 or more minute(s)'WindowsCIS Windows 7 Workstation Level 1 v3.2.0
1.2.3 Ensure 'Reset account lockout counter after' is set to '15 or more minute(s)'WindowsCIS Microsoft Windows Server 2016 MS L1 v1.3.0
1.2.3 Ensure 'Reset account lockout counter after' is set to '15 or more minute(s)'WindowsCIS Microsoft Windows Server 2008 R2 Domain Controller Level 1 v3.2.0