Details

The user-lockout policy provides security against hackers and password-cracking software. This policy disables a user account if an incorrect password is entered a specified number of times.

Solution

Configuration > System > User Administration > Settings

Update the value for Invalid Login Attempts to less than 3.

Supportive Information

The following resource is also helpful.

• https://developer-docs.citrix.com/projects/citrix-adm-nitro-api-reference/en/latest/

This security hardening control applies to the following category of controls within NIST 800-53: Access Control.This control applies to the following type of system Citrix_Application_Delivery.

References

• 800-53|AC-11

Source

• Tenable.com/audits