V-215813
CAT IIThe Cisco router must be configured to enforce the limit of three consecutive invalid logon attempts, after which time it must lock out the user account from accessing the device for 15 minutes.
- Ships Affected
- 1
- Total Findings
- 1
- Open
- 0
- Closed
- 1
Check Text
Review the Cisco router configuration to verify that it enforces the limit of three consecutive invalid logon attempts as shown in the example below.
login block-for 900 attempts 3 within 120
Note: The configuration example above will block any login attempt for 15 minutes after three consecutive invalid logon attempts within a two-minute period.
If the Cisco router is not configured to enforce the limit of three consecutive invalid logon attempts, this is a finding.
Fix Text
Configure the Cisco router to enforce the limit of three consecutive invalid logon attempts as shown in the example below.
R2(config)#login block-for 900 attempts 3 within 120
STIG Reference
- STIG
- Cisco IOS XE Router NDM Security Technical Implementation Guide
- Version
- 3
- Release
- 7
- Rule ID
- SV-215813r960840_rule
All Occurrences
This vulnerability appears on 1 ship(s)
| Ship | Hull # | Source File | Status | Assigned To | Scan Date | Actions |
|---|---|---|---|---|---|---|
| USNS MONTFORD POINT | T-ESD-1 | _Reviewed/MONTPOINTGTWYRTR/Checklist/MONTPOINTGTWYRTR_CiscoXERtrNDM_V3R5_20251023-150045.ckl | Unassigned | 2026-01-14T12:57:25.013310 | View in Context |