AOSX-15-000021 – The macOS system must enforce an account lockout time period of 15 minutes in which a user makes three consecutive invalid logon attempts.

Details

Setting a lockout time period of 15 minutes is an effective deterrent against brute forcing that also makes allowances for legitimate mistakes by users. When three invalid logon attempts are made, the account will be locked.

Solution

This setting is enforced using the ‘Passcode Policy’ configuration profile or by a directory service.

Supportive Information

The following resource is also helpful.

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_Apple_OS_X_10-15_V1R7_STIG.zip

This security hardening control applies to the following category of controls within NIST 800-53: Access Control.This control applies to the following type of system Unix.

References

800-53|AC-7b.
CAT|II
CCI|CCI-002238
Rule-ID|SV-225132r610901_rule
STIG-ID|AOSX-15-000021
STIG-Legacy|SV-111641
STIG-Legacy|V-102679
Vuln-ID|V-225132

Source

Tenable.com/audits

Updated on July 16, 2022

Was this article helpful?

Yes No

Details

Solution

Supportive Information

References

Source

Related Articles