AC-7: Unsuccessful Logon Attempts
From NIST's SP800-53:
a. Enforce a limit of [Assignment: organization-defined number] consecutive invalid logon attempts by a user during a [Assignment: organization-defined time period]; and
b. Automatically [Selection (one or more): lock the account or node for an [Assignment: organization-defined time period]; lock the account or node until released by an administrator; delay next logon prompt per [Assignment: organization-defined delay algorithm]; notify system administrator; take other [Assignment: organization-defined action]] when the maximum number of unsuccessful attempts is exceeded.
SP800-53 Control Mapped to NIST Cyber Security Framework
Generated from NIST's SP800-53/CSF Crosswalk mappings.
Control ID | Description |
---|---|
PR.AC-7 | Users, devices, and other assets are authenticated (e.g., single-factor, multi-factor) commensurate with the risk of the transaction (e.g., individuals’ security and privacy risks and other organizational risks) |
MITRE ATT&CK Techniques
See which MITRE ATT&CK techniques this control helps to protect against.
ATT&CK ID | Title | Associated Tactics |
---|---|---|
T1110.002 | Password Cracking | Credential Access |
T1556.003 | Pluggable Authentication Modules | Credential Access, Defense Evasion, Persistence |
T1133 | External Remote Services | Initial Access, Persistence |
T1078.002 | Domain Accounts | Defense Evasion, Initial Access, Persistence, Privilege Escalation |
T1110.004 | Credential Stuffing | Credential Access |
T1021 | Remote Services | Lateral Movement |
T1556 | Modify Authentication Process | Credential Access, Defense Evasion, Persistence |
T1530 | Data from Cloud Storage | Collection |
T1021.004 | SSH | Lateral Movement |
T1556.004 | Network Device Authentication | Credential Access, Defense Evasion, Persistence |
T1110.001 | Password Guessing | Credential Access |
T1110 | Brute Force | Credential Access |
T1021.001 | Remote Desktop Protocol | Lateral Movement |
T1556.001 | Domain Controller Authentication | Credential Access, Defense Evasion, Persistence |
T1078.004 | Cloud Accounts | Defense Evasion, Initial Access, Persistence, Privilege Escalation |
T1110.003 | Password Spraying | Credential Access |