Rule ID
SV-228639r1082941_rule
Version
V3R3
CCIs
CCI-000044
By limiting the number of failed logon attempts, the risk of unauthorized system access via user password guessing, otherwise known as brute-forcing, is reduced.
Go to Device >> Authentication Profile. Check the authentication profile used for the local account used for the account of last resort. If the "Failed Attempts (#)" field is not set to "3", this is a finding.
Configure the authentication profile associated with the account of last resort with lockout settings of three failed attempts, which is the only local login account. 1. Go to Device >> Authentication Profile. 2. Select the configured authentication profile or select "Add" (in the bottom-left corner of the pane) to create a new one. 3. In the "Authentication Profile" field, enter the name of the authentication profile that will be used to control each person's authentication process. 4. The "Lockout Time (min)" field is the lockout duration; this must be set to "15". 5. In the "Failed Attempts" field, enter "3". 6. Select "OK".