Ensuring the system locks after three unsuccessful login attempts
Rule Title: RiOS must automatically lock the account until the locked account is released by an administrator when three unsuccessful login attempts in 15 minutes are exceeded.
STIG ID: RICX-DM-000026
Rule ID: SV-77353r1_rule
Severity: CAT II
Vuln ID: V-62863
Class: Unclass
By limiting the number of failed login attempts, the risk of unauthorized system access through user password guessing, otherwise known as brute-forcing, is reduced. Limits are imposed by locking the account.
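The lockout behavior this rule describes can be modeled as a sliding 15-minute window with no timed unlock. The following Python sketch is an added illustration, not RiOS code or configuration; the class and function names are hypothetical, the events are constructed, and it assumes the third failure inside the window is the one that locks the account.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

MAX_FAILURES = 3                # from the rule: three unsuccessful attempts
WINDOW = timedelta(minutes=15)  # from the rule: counted over 15 minutes

class LockoutPolicy:
    """Sliding-window lockout with no timed unlock (administrator release only)."""

    def __init__(self):
        self._failures = defaultdict(deque)  # user -> recent failure timestamps
        self._locked = set()

    def attempt(self, user, when, password_ok):
        """Return 'ok', 'failed', 'locked' (this failure tripped the lock) or 'refused'."""
        if user in self._locked:
            return "refused"  # a correct password does not bypass the lock
        if password_ok:
            return "ok"
        recent = self._failures[user]
        recent.append(when)
        while when - recent[0] > WINDOW:  # drop failures older than the window
            recent.popleft()
        if len(recent) >= MAX_FAILURES:   # assumption: the third failure locks
            self._locked.add(user)
            return "locked"
        return "failed"

    def admin_release(self, user):
        """Model of the administrator action that clears the lock."""
        self._locked.discard(user)
        self._failures.pop(user, None)

def replay(events):
    """Replay (user, timestamp, password_ok) tuples; return (outcomes, policy)."""
    policy = LockoutPolicy()
    return [policy.attempt(u, t, ok) for u, t, ok in events], policy

# Constructed sample events, not real RiOS log data.
T0 = datetime(2024, 1, 1, 9, 0)
SAMPLE = [
    ("alice", T0, False),
    ("alice", T0 + timedelta(minutes=5), False),
    ("alice", T0 + timedelta(minutes=14), False),  # third failure in window: lock
    ("alice", T0 + timedelta(hours=2), True),      # refused, lock has not expired
    ("bob", T0, False),
    ("bob", T0 + timedelta(minutes=10), False),
    ("bob", T0 + timedelta(minutes=20), False),    # first failure aged out: no lock
]
```

Events must be replayed in timestamp order. The two cases worth checking against a real device are the ones the sample exercises: failures spread over more than 15 minutes must not lock, and a locked account must stay locked until an administrator releases it.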
Verifying the system locks after three login attempts
Verify that RiOS is configured to limit the number of invalid login attempts during a 15-minute period to 3.
Configuring the system to lock after three login attempts
Configure RiOS to limit the number of invalid login attempts during a 15-minute period to 3.