NIST SP 800-171 & CMMC 2.0 3.1.8 Requirement:
Limit unsuccessful logon attempts.
NIST SP 800-171 & CMMC 2.0 3.1.8 Requirement Explanation:
By locking an account after several consecutive failed logon attempts you prevent brute-force attacks. An account lockout can be triggered by a legitimate user incorrectly entering their password. To give them another chance to try logging in again you can configure your accounts to automatically unlock after a set period of time (e.g., 5 minutes).
Example NIST SP 800-171 & CMMC 2.0 3.1.8 Implementation:
Configure your user accounts to lock after consecutive failed logon attempts. Locking an account after three failed attempts is a common setting. Set your accounts to unlock after several minutes or require your admins to manually unlock accounts. This can be accomplished on Windows computers using group policy or Microsoft EndPoint manager.
NIST SP 800-171 & CMMC 2.0 3.1.8 Scenario(s):
- Scenario 1:
A hacker is trying to access John's account by trying different passwords. Because you have configured your accounts to lockout after 5 failed attempts, the account is locked for 15 minutes.
Quick & Simple
Discover Our Cybersecurity Compliance Solutions:
Whether you need to meet and maintain your compliance requirements, help your clients meet them, or verify supplier compliance we have the expertise and solution for you
NIST SP 800-171 & CMMC Compliance
Become compliant, provide compliance services, or verify partner compliance with NIST SP 800-171 and CMMC requirements.
HIPAA Compliance
Become compliant, provide compliance services, or verify partner compliance with HIPAA security rule requirements.
FAR 52.204-21 Compliance
Become compliant, provide compliance services, or verify partner compliance with FAR 52.204-21 Basic Safeguarding of Covered Contractor Information Systems requirements.
ISO 27001 Compliance
Become compliant, provide compliance services, or verify partner compliance with ISO 27001 requirements.