STIGQter STIGQter: STIG Summary: Trend Micro Deep Security 9.x Security Technical Implementation Guide Version: 1 Release: 1 Benchmark Date: 26 Feb 2016:

Trend Deep Security must enforce the limit of three consecutive invalid logon attempts by a user during a 15 minute time period.

DISA Rule

SV-80363r1_rule

Vulnerability Number

V-65873

Group Title

SRG-APP-000065

Rule Version

TMDS-00-000050

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Configure the Trend Deep Security server to enforce the limit of three consecutive invalid logon attempts by a user during a 15-minute time period.

Configure the number of failed logon attempts to 3.

Administration >> System Settings >> Security >> User Security >> Number of incorrect sign-in attempts allowed (before lock out): 3

Check Contents

Review the Trend Deep Security server configuration to ensure the limit of three consecutive invalid logon attempts by a user during a 15-minute time period is enforced.

Verify the number of failed logon attempts. Go to Administration >> System Settings >> Security >> User Security >> Number of incorrect sign-in attempts allowed (before lock out): 3

If the number is greater than 3 this is a finding.

Vulnerability Number

V-65873

Documentable

False

Rule Version

TMDS-00-000050

Severity Override Guidance

Review the Trend Deep Security server configuration to ensure the limit of three consecutive invalid logon attempts by a user during a 15-minute time period is enforced.

Verify the number of failed logon attempts. Go to Administration >> System Settings >> Security >> User Security >> Number of incorrect sign-in attempts allowed (before lock out): 3

If the number is greater than 3 this is a finding.

Check Content Reference

M

Target Key

2955

Comments