STIGQter: STIG Summary: Authentication, Authorization, and Accounting Services (AAA) Security Requirements Guide Version: 1 Release: 2 Benchmark Date: 24 Jan 2020:

AAA Services must be configured to automatically lock user accounts after three consecutive invalid logon attempts within a 15-minute time period.

DISA Rule

SV-95561r1_rule

Vulnerability Number

V-80851

Group Title

SRG-APP-000065-AAA-000200

Rule Version

SRG-APP-000065-AAA-000200

Severity

CAT II

CCI(s)

• CCI-000044 - The information system enforces the organization-defined limit of consecutive invalid logon attempts by a user during the organization-defined time period.

Weight

10

Fix Recommendation

Configure AAA Services to automatically lock user accounts after three consecutive invalid logon attempts within a 15-minute time period.

Check Contents

If AAA Services rely on directory services for user account management, this is not applicable and the connected directory services must perform this function.

Verify AAA Services are configured to automatically lock user accounts after three consecutive invalid logon attempts within a 15-minute time period.

If AAA Services are not configured to automatically lock user accounts after three consecutive invalid logon attempts within a 15-minute time period, this is a finding.

Vulnerability Number

V-80851

Documentable

False

Rule Version

SRG-APP-000065-AAA-000200

Severity Override Guidance

If AAA Services rely on directory services for user account management, this is not applicable and the connected directory services must perform this function.

Verify AAA Services are configured to automatically lock user accounts after three consecutive invalid logon attempts within a 15-minute time period.

If AAA Services are not configured to automatically lock user accounts after three consecutive invalid logon attempts within a 15-minute time period, this is a finding.

Check Content Reference

M

Target Key

3357

Comments