STIGQter: STIG Summary: VMware vSphere 6.7 vCenter Security Technical Implementation Guide Version: 1 Release: 1 Benchmark Date: 09 Mar 2021:

The vCenter Server must limit the maximum number of failed login attempts to three.

DISA Rule

SV-243104r719555_rule

Vulnerability Number

V-243104

Group Title

SRG-APP-000345

Rule Version

VCTR-67-000045

Severity

CAT II

CCI(s)

• CCI-002238 - The information system automatically locks the account or node for either an organization-defined time period, until the locked account or node is released by an administrator, or delays the next logon prompt according to the organization-defined delay algorithm when the maximum number of unsuccessful logon attempts is exceeded.

Weight

10

Fix Recommendation

From the vSphere Client, go to Administration >> Single Sign-On >> Configuration >> Policies >> Lockout Policy.

Click "Edit".

Set the "Maximum number of failed login attempts" to "3" and click "OK".

Check Contents

From the vSphere Client, go to Administration >> Single Sign-On >> Configuration >> Policies >> Lockout Policy.

View the values for the lockout policies.

The following lockout policy should be set at follows:

Maximum number of failed login attempts: 3

If this account lockout policy is not configured as stated, this is a finding.

Vulnerability Number

V-243104

Documentable

False

Rule Version

VCTR-67-000045

Severity Override Guidance

From the vSphere Client, go to Administration >> Single Sign-On >> Configuration >> Policies >> Lockout Policy.

View the values for the lockout policies.

The following lockout policy should be set at follows:

Maximum number of failed login attempts: 3

If this account lockout policy is not configured as stated, this is a finding.

Check Content Reference

M

Target Key

5399

Comments