AC-7: Unsuccessful Logon Attempts
NIST Baseline: Low
DIR Required By: 07/20/2023
Review Date: 04/17/2024
1. As technology permits, information resources should enforce account lockouts after 10 failed attempts at minimum.
2. Accounts locked due to multiple incorrect logon attempts should stay locked for a minimum of 15 minutes. Information resource owners can choose to require that an administrator reset accounts when they are locked.
References/Additional Resources
None. See any applicable internal procedures.