Description
The information system enforces a limit of [Assignment: organization-defined number] consecutive invalid access attempts by a user during a [Assignment: organization-defined time period] time period. The information system automatically [Selection: locks the account/node for an [Assignment: organization-defined time period], delays next login prompt according to [Assignment: organization-defined delay algorithm]] when the maximum number of unsuccessful attempts is exceeded.
Supplemental Guidance
Due to the potential for denial of service, automatic lockouts initiated by the information system are usually temporary and automatically release after a predetermined time period established by the organization.
Changes from Rev 4
Parameter includes additional selection options when the threshold for allowed consecutive invalid logon attempts is exceeded. Discussion amplifies the control text with examples of additional actions to help prevent brute force attacks.
Enhancements
(1) The information system automatically locks the account/node until released by an administrator when the maximum number of unsuccessful attempts is exceeded.
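
One way the control's parameters can map onto code, covering both the temporary lock in the Description and the administrator-release lock in Enhancement (1). This is an added example, not part of the control text. The names LockoutPolicy, LockoutTracker and admin_release are hypothetical, state is held in memory, timestamps are supplied by the caller in seconds, and the account is assumed to lock on the attempt that reaches the limit.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Optional

@dataclass
class LockoutPolicy:
    max_attempts: int               # organization-defined number
    window: float                   # organization-defined time period, seconds
    lock_duration: Optional[float]  # seconds; None = locked until administrator release

@dataclass
class _State:
    failures: List[float] = field(default_factory=list)
    locked_at: Optional[float] = None

class LockoutTracker:
    def __init__(self, policy: LockoutPolicy) -> None:
        self.policy = policy
        self._accounts: Dict[str, _State] = {}

    def is_locked(self, user: str, now: float) -> bool:
        st = self._accounts.get(user)
        if st is None or st.locked_at is None:
            return False
        d = self.policy.lock_duration
        if d is not None and now - st.locked_at >= d:
            del self._accounts[user]  # temporary lock released automatically
            return False
        return True

    def record_attempt(self, user: str, valid: bool, now: float) -> bool:
        """Return True only if the logon is accepted."""
        if self.is_locked(user, now):
            return False  # refused even with valid credentials; not counted
        if valid:
            self._accounts.pop(user, None)  # a success ends the consecutive run
            return True
        st = self._accounts.setdefault(user, _State())
        # Keep only failures that fall inside the counting window.
        st.failures = [t for t in st.failures if now - t < self.policy.window]
        st.failures.append(now)
        if len(st.failures) >= self.policy.max_attempts:  # assumption: lock on Nth failure
            st.locked_at = now
        return False

    def admin_release(self, user: str) -> None:
        """Enhancement (1): only an administrator action clears the lock."""
        self._accounts.pop(user, None)
```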