The operating system must enforce a delay of at least 4 seconds between logon prompts following a failed logon attempt.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
| V-203779 | SRG-OS-000480-GPOS-00226 | SV-203779r991588_rule | CCI-000366 | medium |
| Description | ||||
| Limiting the number of logon attempts over a certain time interval reduces the chances that an unauthorized user may gain access to an account. | ||||
| STIG | Date | |||
| General Purpose Operating System Security Requirements Guide | 2024-12-04 | |||
Details
Check Text (C-203779r991588_chk)
Verify the operating system enforces a delay of at least 4 seconds between logon prompts following a failed logon attempt. If it does not, this is a finding.
Fix Text (F-3904r375729_fix)
Configure the operating system to enforce a delay of at least 4 seconds between logon prompts following a failed logon attempt.