AC-7: Unsuccessful Logon Attempts

NIST Baseline:  Low 

DIR Required By:  07/20/2023 

Review Date:  04/17/2024 

1. As technology permits, information resources should enforce account lockouts after 10 failed attempts at minimum.  

2. Accounts locked due to multiple incorrect logon attempts should stay locked for a minimum of 15 minutes. Information resource owners can choose to require that an administrator reset accounts when they are locked. 


References/Additional Resources

None.  See any applicable internal procedures.