ESXI-06-000006 – The system must enforce the unlock timeout of 15 minutes after a user account is locked out.

Details

By limiting the number of failed login attempts, the risk of unauthorized access via user password guessing, otherwise known as brute-forcing, is reduced. Limits are imposed by locking the account.

Solution

From the vSphere Client select the ESXi Host and go to Configuration >> Advanced Settings. Select the Security.AccountUnlockTime value and configure it to 900.

From a PowerCLI command prompt while connected to the ESXi host run the following commands:

Get-VMHost | Get-AdvancedSetting -Name Security.AccountUnlockTime | Set-AdvancedSetting -Value 900

Supportive Information

The following resource is also helpful.

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_VMware_vSphere_6-0_ESXi_V1R5_STIG.zip

This security hardening control applies to the following category of controls within NIST 800-53: Access Control.This control applies to the following type of system VMware.

References

800-53|AC-7b.
CAT|II
CCI|CCI-002238
Group-ID|V-63181
Rule-ID|SV-77671r1_rule
STIG-ID|ESXI-06-000006
Vuln-ID|V-63181

Source

Tenable.com/audits

Updated on July 16, 2022

Was this article helpful?

Yes No

Details

Solution

Supportive Information

References

Source

Related Articles