UCF STIG Viewer Logo

Password/passcode maximum failed attempts must be set to the required value.


Overview

Finding ID Version Rule ID IA Controls Severity
V-25011 WIR-MOS-PDA-017 SV-31264r3_rule ECWN-1 IAIA-1 Medium
Description
A hacker with unlimited attempts can determine the passcode of a smartphone within a few minutes using password hacking tools, which could lead to unauthorized access to the PDA/smartphone and disclosure of sensitive DoD data.
STIG Date
PDA/Smartphone Security Technical Implementation Guide 2011-10-07

Details

Check Text ( C-31672r1_chk )
Check a sample (3-4 devices) of site PDAs and verify the PDA has been configured to wipe after 10 (or less) incorrect passwords have been entered.
Fix Text (F-27662r2_fix)
Set password/passcode maximum failed attempts to required value.