STIGhubSTIGhub
STIGsSearchCompare

STIGhub

A free tool to search and browse the entire DISA STIG library. Saves up to 75% in security compliance research time.

Navigation

  • Browse STIGs
  • Search
  • Compare Versions

Resources

  • About
  • Release Notes
  • VPAT
  • DISA STIG Library
STIGs updated 5 hours ago
Powered by Pylon
© 2026 Beacon Cloud Solutions, Inc. All rights reserved.
← Back to VMware vSphere 8.0 vCenter Security Technical Implementation Guide

V-258933

CAT II (Medium)

The vCenter Server must require an administrator to unlock an account locked due to excessive login failures.

Rule ID

SV-258933r961368_rule

STIG

VMware vSphere 8.0 vCenter Security Technical Implementation Guide

Version

V2R3

CCIs

CCI-002238

Discussion

By requiring that Single Sign-On (SSO) accounts be unlocked manually, the risk of unauthorized access via user password guessing, otherwise known as brute forcing, is reduced. When the account unlock time is set to zero, a locked account can only be unlocked manually by an administrator.

Check Content

From the vSphere Client, go to Administration >> Single Sign On >> Configuration >> Local Accounts >> Lockout Policy.

View the value of the "Unlock time" setting.

Unlock time: 0 seconds

If the lockout policy is not configured with "Unlock time" policy of "0", this is a finding.

Fix Text

From the vSphere Client, go to Administration >> Single Sign On >> Configuration >> Local Accounts >> Lockout Policy.

Click "Edit".

Set the "Unlock time" to "0" and click "Save".