STIGQter: STIG Summary: ForeScout CounterACT NDM Security Technical Implementation Guide Version: 1 Release: 1 Benchmark Date: 12 Sep 2017:

CounterACT must automatically lock the account until the locked account is released by an administrator when three unsuccessful logon attempts in 15 minutes are exceeded.

DISA Rule

SV-90939r1_rule

Vulnerability Number

V-76251

Group Title

SRG-APP-000345-NDM-000290

Rule Version

CACT-NM-000035

Severity

CAT II

CCI(s)

• CCI-002238 - The information system automatically locks the account or node for either an organization-defined time period, until the locked account or node is released by an administrator, or delays the next logon prompt according to the organization-defined delay algorithm when the maximum number of unsuccessful logon attempts is exceeded.

Weight

10

Fix Recommendation

Configure CounterACT to automatically lock the account until the locked account is released by an administrator when three unsuccessful logon attempts in 15 minutes are exceeded.

1. Log on to the CounterACT Administrator UI.
2. From the menu, select Tools >> Options >> User Console and Options >> Password and Login.
3. Ensure the "Lock account After" radio button is selected.
4. Ensure that "3" is selected for the password failures setting.
5. Ensure that "15" and "minutes" are selected.

Check Contents

Determine CounterACT automatically locks the account until the locked account is released by an administrator when three unsuccessful logon attempts in 15 minutes are exceeded.

This requirement may be verified by demonstration or configuration review.

1. Log on to the CounterACT Administrator UI.
2. From the menu, select Tools >> Options >> User Console and Options >> Password and Login.
3. Verify the "Lock account After" radio button is selected.
4. Verify "3" is selected for the password failures setting.
5. Verify that "15" and "minutes" are selected.

If an account is not automatically locked out until the locked account is released by an administrator when three unsuccessful logon attempts in 15 minutes are exceeded, this is a finding.

Vulnerability Number

V-76251

Documentable

False

Rule Version

CACT-NM-000035

Severity Override Guidance

Determine CounterACT automatically locks the account until the locked account is released by an administrator when three unsuccessful logon attempts in 15 minutes are exceeded.

This requirement may be verified by demonstration or configuration review.

1. Log on to the CounterACT Administrator UI.
2. From the menu, select Tools >> Options >> User Console and Options >> Password and Login.
3. Verify the "Lock account After" radio button is selected.
4. Verify "3" is selected for the password failures setting.
5. Verify that "15" and "minutes" are selected.

If an account is not automatically locked out until the locked account is released by an administrator when three unsuccessful logon attempts in 15 minutes are exceeded, this is a finding.

Check Content Reference

M

Target Key

3225

Comments