Rule Title: RiOS must enforce the limit of three consecutive invalid login attempts by a user during a 15-minute time period for web-based management access.

STIG ID: RICX-DM-000025

Rule ID: SV-77351r1_rule Severity: CAT II

Vuln ID: V-62861 Class: Unclass

By limiting the number of failed login attempts, the risk of unauthorized system access through user password guessing, otherwise known as brute-forcing, is reduced.

Verify that RiOS is configured to limit the number of invalid login attempts during a 15-minute period to 3.

For detailed information, see Verifying the system is configured for a limited number of login attempts.

Configure RiOS to limit the number of invalid login attempts during a 15-minute period to 3.

For detailed information, see Configuring the system for a limited number of log in attempts.