Rule Title: RiOS must automatically lock the account until the locked account is released by an administrator when three unsuccessful login attempts in 15 minutes are exceeded.

STIG ID: RICX-DM-000026

Rule ID: SV-77353r1_rule Severity: CAT II

Vuln ID: V-62863 Class: Unclass

By limiting the number of failed login attempts, the risk of unauthorized system access through user password guessing, otherwise known as brute-forcing, is reduced. Limits are imposed by locking the account.

Verify that RiOS is configured to limit the number of invalid login attempts during a 15-minute period to 3.

For detailed information, see Configuring the system for a limited number of log in attempts.

Configure RiOS to limit the number of invalid login attempts during a 15-minute period to 3.

For detailed information, see Configuring the system for a limited number of log in attempts.