STIGQter: STIG Summary: VMware vSphere 6.7 vCenter Security Technical Implementation Guide Version: 1 Release: 1 Benchmark Date: 09 Mar 2021:

The vCenter Server must set the interval for counting failed login attempts to at least 15 minutes.

DISA Rule

SV-243105r719558_rule

Vulnerability Number

V-243105

Group Title

SRG-APP-000345

Rule Version

VCTR-67-000046

Severity

CAT II

CCI(s)

• CCI-002238 - The information system automatically locks the account or node for either an organization-defined time period, until the locked account or node is released by an administrator, or delays the next logon prompt according to the organization-defined delay algorithm when the maximum number of unsuccessful logon attempts is exceeded.

Weight

10

Fix Recommendation

From the vSphere Client go to Administration >> Single Sign-On >> Configuration >> Policies >> Lockout Policy.

Click "Edit".

Set the "Time interval between failures" to "900" and click "OK".

Check Contents

From the vSphere Client, go to Administration >> Single Sign-On >> Configuration >> Policies >> Lockout Policy.

View the values for the lockout policies.

The following lockout policy should be set at follows:

Time interval between failures: 900 seconds

If this lockout policy is not configured as stated, this is a finding.

Vulnerability Number

V-243105

Documentable

False

Rule Version

VCTR-67-000046

Severity Override Guidance

From the vSphere Client, go to Administration >> Single Sign-On >> Configuration >> Policies >> Lockout Policy.

View the values for the lockout policies.

The following lockout policy should be set at follows:

Time interval between failures: 900 seconds

If this lockout policy is not configured as stated, this is a finding.

Check Content Reference

M

Target Key

5399

Comments