AC-7: Unsuccessful Logon Attempts

From NIST's SP800-53:

a. Enforce a limit of [Assignment: organization-defined number] consecutive invalid logon attempts by a user during a [Assignment: organization-defined time period]; and b. Automatically [Selection (one or more): lock the account or node for an [Assignment: organization-defined time period]; lock the account or node until released by an administrator; delay next logon prompt per [Assignment: organization-defined delay algorithm]; notify system administrator; take other [Assignment: organization-defined action]] when the maximum number of unsuccessful attempts is exceeded.

Cyber Threat Graph Context

Explore how this control relates to the wider threat graph

SP800-53 Control Mapped to NIST Cyber Security Framework

Generated from NISTs SP800-53/CSF Crosswalk mappings.

Search:

Control ID	Description
PR.AC-7	Users, devices, and other assets are authenticated (e.g., single-factor, multi-factor) commensurate with the risk of the transaction (e.g., individuals’ security and privacy risks and other organizational risks)

Showing 1 to 1 of 1 entries

MITRE ATT&CK Techniques

See which MITRE ATT&CK techniques this control helps to protect against.

Search:

ATT&CK ID	Title	Associated Tactics
T1110.002	Password Cracking	Credential Access
T1556.003	Pluggable Authentication Modules	Credential Access, Defense Evasion, Persistence
T1133	External Remote Services	Initial Access, Persistence
T1078.002	Domain Accounts	Defense Evasion, Initial Access, Persistence, Privilege Escalation
T1110.004	Credential Stuffing	Credential Access
T1021	Remote Services	Lateral Movement
T1556	Modify Authentication Process	Credential Access, Defense Evasion, Persistence
T1530	Data from Cloud Storage	Collection
T1021.004	SSH	Lateral Movement
T1556.004	Network Device Authentication	Credential Access, Defense Evasion, Persistence
T1110.001	Password Guessing	Credential Access
T1110	Brute Force	Credential Access
T1021.001	Remote Desktop Protocol	Lateral Movement
T1556.001	Domain Controller Authentication	Credential Access, Defense Evasion, Persistence
T1078.004	Cloud Accounts	Defense Evasion, Initial Access, Persistence, Privilege Escalation
T1110.003	Password Spraying	Credential Access

Showing 1 to 16 of 16 entries