STIGQter: STIG Summary: Splunk Enterprise 7.x for Windows Security Technical Implementation Guide Version: 2 Release: 2 Benchmark Date: 23 Apr 2021:

Splunk Enterprise must enforce the limit of 3 consecutive invalid logon attempts by a user during a 15 minute time period.

DISA Rule

SV-221941r508660_rule

Vulnerability Number

V-221941

Group Title

SRG-APP-000065-AU-000240

Rule Version

SPLK-CL-000240

Severity

CAT II

CCI(s)

• CCI-000044 - The information system enforces the organization-defined limit of consecutive invalid logon attempts by a user during the organization-defined time period.

Weight

10

Fix Recommendation

Select Settings >> Access Controls >> Password Policy Management.

Set Lockout to Enabled. Set Failed login attempts to 3 and Lockout threshold in minutes to 15.

Check Contents

Select Settings >> Access Controls >> Password Policy Management.

Verify that Lockout is Enabled, Failed login attempts is set to 3, and Lockout threshold in minutes is set to 15.

If these settings are not set as described, this is a finding.

Vulnerability Number

V-221941

Documentable

False

Rule Version

SPLK-CL-000240

Severity Override Guidance

Select Settings >> Access Controls >> Password Policy Management.

Verify that Lockout is Enabled, Failed login attempts is set to 3, and Lockout threshold in minutes is set to 15.

If these settings are not set as described, this is a finding.

Check Content Reference

M

Target Key

4082

Comments