💼 AC-7 Unsuccessful Logon Attempts (L)(M)(H)

Contextual name: 💼 AC-7 Unsuccessful Logon Attempts (L)(M)(H)
ID: /frameworks/fedramp-high-security-controls/ac/07
Located in: 💼 Access Control

Description

a. Enforce a limit of [Assignment: organization-defined number] consecutive invalid logon attempts by a user during a [Assignment: organization-defined time period]; and

b. Automatically [Selection (one-or-more): lock the account or node for an [Assignment: organization-defined time period]; lock the account or node until released by an administrator; delay next logon prompt per [Assignment: organization-defined delay algorithm]; notify system administrator; take other [Assignment: organization-defined action]] when the maximum number of unsuccessful attempts is exceeded.

AC-7 Additional FedRAMP Requirements and Guidance:

Requirement: In alignment with NIST SP 800-63B

Similar

Sections
- /frameworks/nist-sp-800-53-r5/ac/07
Internal
- ID: dec-c-b58f81cf

Similar Sections (Take Policies From)

Section	Sub Sections	Internal Rules	Policies	Flags
💼 NIST SP 800-53 Revision 5 → 💼 AC-7 Unsuccessful Logon Attempts	4

Similar Sections (Give Policies To)

Section	Sub Sections	Internal Rules	Policies	Flags
💼 FedRAMP Low Security Controls → 💼 AC-7 Unsuccessful Logon Attempts (L)(M)(H)			1
💼 FedRAMP Moderate Security Controls → 💼 AC-7 Unsuccessful Logon Attempts (L)(M)(H)			1

Sub Sections

Section	Sub Sections	Internal Rules	Policies	Flags

Policies (1)

Policy	Logic Count	Flags
📝 AWS S3 Bucket MFA Delete is not enabled 🟠🟢	1	🟠 x1, 🟢 x6

Internal Rules

Rule	Policies	Flags
✉️ dec-z-bb731292	1

Description​

Similar​

Similar Sections (Take Policies From)​

Similar Sections (Give Policies To)​

Sub Sections​

Policies (1)​

Internal Rules​