N
|
controlAC-7

Unsuccessful Logon Attempts (AC-7)

Enforce a limit of [organization-defined] consecutive invalid logon attempts by a user during a [organization-defined] ; and Automatically [organization-defined] when the maximum number of unsuccessful attempts is exceeded.

Security Baselines

LOWMODERATEHIGH
access-controlauthorizationleast-privilege

Why These Connect

Baselined In3

This control is included in the linked security baseline (LOW, MODERATE, or HIGH).

Supports15

These related controls work together — a change to one may affect the others.

Mitigates1

This control helps defend against or reduce the risk of the linked threat technique.

Enhances4

These enhancements add specific capabilities or refinements to the base control.

Related Controls(10)

AC-2Account Management (AC-2)
LMH
AC-9Previous Logon Notification (AC-9)AU-2Event Logging (AU-2)
LMH
AU-6Audit Record Review, Analysis, and Reporting (AU-6)
LMH
IA-5Authenticator Management (IA-5)
LMH
AC-11Device Lock (AC-11)
MH
AC-19Access Control for Mobile Devices (AC-19)
LMH
MP-5Media Transport (MP-5)
MH
MP-6Media Sanitization (MP-6)
LMH
SC-13Cryptographic Protection (SC-13)
LMH

Threat Coverage(1 ATT&CK techniques)

T1110Brute Force

Control Enhancements(4)

AC-7(1)Automatic Account Lock (AC-7(1))W
AC-7(2)Purge or Wipe Mobile Device (AC-7(2))
AC-7(3)Biometric Attempt Limiting (AC-7(3))
AC-7(4)Use of Alternate Authentication Factor (AC-7(4))

See Also

@SP 800-53 OverviewCompare Baselines