💼 AC-7 Unsuccessful Logon Attempts

  • Contextual name: 💼 AC-7 Unsuccessful Logon Attempts
  • ID: /frameworks/nist-sp-800-53-r5/ac/07
  • Located in: 💼 AC Access Control

Description

a. Enforce a limit of [Assignment: organization-defined number] consecutive invalid logon attempts by a user during a [Assignment: organization-defined time period]; and

b. Automatically [Selection (one or more): lock the account or node for an [Assignment: organization-defined time period]; lock the account or node until released by an administrator; delay next logon prompt per [Assignment: organization-defined delay algorithm]; notify system administrator; take other [Assignment: organization-defined action]] when the maximum number of unsuccessful attempts is exceeded.

Similar

  • Internal
    • ID: dec-c-2b592fc4

Similar Sections (Give Policies To)

Section | Sub Sections | Internal Rules | Policies | Flags
💼 FedRAMP High Security Controls → 💼 AC-7 Unsuccessful Logon Attempts (L)(M)(H) 11
💼 FedRAMP Low Security Controls → 💼 AC-7 Unsuccessful Logon Attempts (L)(M)(H) 1
💼 NIST CSF v2.0 → 💼 PR.AA-03: Users, services, and hardware are authenticated 22

Sub Sections

Section | Sub Sections | Internal Rules | Policies | Flags
💼 AC-7(1) Unsuccessful Logon Attempts _ Automatic Account Lock
💼 AC-7(2) Unsuccessful Logon Attempts _ Purge or Wipe Mobile Device
💼 AC-7(3) Unsuccessful Logon Attempts _ Biometric Attempt Limiting
💼 AC-7(4) Unsuccessful Logon Attempts _ Use of Alternate Authentication Factor