CMMC 2.0 • LEVEL 2 • ACCESS CONTROL

AC.L2-3.1.8Unsuccessful Logon Attempts

Enforce a limit of 3 consecutive invalid attemptsCMMC/STIG consecutive invalid logon attempts by a user during a 15 minutesCMMC/STIG. Automatically 15 minutes (or until unlocked by an administrator)CMMC/STIG when the maximum number of unsuccessful attempts is exceeded.

NIST 800-171 Mapping

NIST 800-53 Controls

AC-7

Assessment Objectives

  • a limit of 3 consecutive invalid attemptsCMMC/STIG consecutive invalid logon attempts by a user during 15 minutesCMMC/STIG is enforced.
  • 15 minutes (or until unlocked by an administrator)CMMC/STIG when the maximum number of unsuccessful attempts is exceeded.

Practitioner Notes

Practitioner commentary coming soon.

Related CMMC 2.0 Practices

AC.L1-3.1.1 Account Management AC.L1-3.1.2 Access Enforcement AC.L2-3.1.3 Information Flow Enforcement AC.L2-3.1.4 Separation of Duties