Details

This policy setting determines the length of time that must pass before a locked account is unlocked and a

user can try to log on again.

Solution

Make sure ‘Account lockout duration’ is set to a minimum of 15 minutes.

Supportive Information

The following resource is also helpful.

• https://workbench.cisecurity.org/files/17

This security hardening control applies to the following category of controls within NIST 800-53: Access Control.This control applies to the following type of system Windows.

References

• 800-53|AC-7a.
• CSCv6|16.7

Source

• Tenable.com/audits