NIST SP 800-171 & CMMC 2.0 Control 3.1.8 Requirement:

Limit unsuccessful logon attempts.

NIST SP 800-171 & CMMC 2.0 3.1.8 Requirement Explanation:

By locking an account after several consecutive failed logon attempts you prevent brute-force attacks. An account lockout can be triggered by a legitimate user incorrectly entering their password. To give them another chance to try logging in again you can configure your accounts to automatically unlock after a set period of time (e.g., 5 minutes).

Example NIST SP 800-171 & CMMC 2.0 3.1.8 Implementation:

Configure your user accounts to lock after consecutive failed logon attempts. Locking an account after three failed attempts is a common setting. Set your accounts to unlock after several minutes or require your admins to manually unlock accounts. This can be accomplished on Windows computers using group policy or Microsoft EndPoint manager.

NIST SP 800-171 & CMMC 2.0 3.1.8 Scenario(s):

- Scenario 1:

John, an employee at your company incorrectly entered his password three times in a row, resulting in his account being locked. John submits a help desk ticket requesting an account unlock. Your IT staff asks him to wait 5 minutes for the account to unlock. 5 minutes later John has remembered his password and is able to log in.

Discover Our NIST SP 800-171 & CMMC 2.0 Solutions:


Compliance Accelerator

Power through compliance. Meet and maintain your NIST SP 800-171 & CMMC 2.0 compliance requirements.

Quantum Assessor

Transform your business. Create new revenue streams and provide scalability for your NIST SP 800-171 and CMMC 2.0 services.

Supply Chain Verifier

Trust is everything. Verify, monitor, and support subcontactor compliance.