💼 AC-7 Unsuccessful Logon Attempts (L)(M)(H)
- Contextual name: 💼 AC-7 Unsuccessful Logon Attempts (L)(M)(H)
- ID:
/frameworks/fedramp-moderate-security-controls/ac/07 - Located in: 💼 Access Control
Description
a. Enforce a limit of [Assignment: organization-defined number] consecutive invalid logon attempts by a user during a [Assignment: organization-defined time period]; and
b. Automatically [Selection (one-or-more): lock the account or node for an [Assignment: organization-defined time period]; lock the account or node until released by an administrator; delay next logon prompt per [Assignment: organization-defined delay algorithm]; notify system administrator; take other [Assignment: organization-defined action]] when the maximum number of unsuccessful attempts is exceeded.
AC-7 Additional FedRAMP Requirements and Guidance:
Requirement: In alignment with NIST SP 800-63B
Similar
- Sections
/frameworks/fedramp-high-security-controls/ac/07
- Internal
- ID:
dec-c-b58f81cf
- ID:
Similar Sections (Take Policies From)
| Section | Sub Sections | Internal Rules | Policies | Flags |
|---|---|---|---|---|
| 💼 FedRAMP High Security Controls → 💼 AC-7 Unsuccessful Logon Attempts (L)(M)(H) | 1 | 1 |
Sub Sections
| Section | Sub Sections | Internal Rules | Policies | Flags |
|---|
Policies (1)
| Policy | Logic Count | Flags |
|---|---|---|
| 📝 AWS S3 Bucket MFA Delete is not enabled 🟠🟢 | 1 | 🟠 x1, 🟢 x6 |