Under active development — Content is continuously updated and improved · Last updated Feb 18, 2026, 2:55 AM UTC

AC.L2-3.1.8—Unsuccessful Logon Attempts

Level 2

>Control Description

Limit unsuccessful logon attempts.

>Cross-Framework Mappings

NIST SP 800-171

SCF

>Assessment Interview Topics

Questions assessors commonly ask

Process & Governance:

•What is your policy for the maximum number of unsuccessful logon attempts?
•How did you determine this threshold?
•What is your process for handling locked accounts?
•How do you balance security with user productivity for account lockouts?

Technical Implementation:

•What mechanisms enforce account lockout after unsuccessful logon attempts?
•How is account lockout configured across systems (Windows, Linux, applications)?
•What technologies track failed logon attempts?
•How are accounts unlocked after lockout?
•What logging and alerting monitors brute force attempts?

Evidence & Documentation:

•What documentation demonstrates your access control policies and procedures?
•What access control matrices or permissions documentation can you provide?
•What access request and approval records can you show?
•What access review documentation demonstrates periodic reviews?
•What audit logs demonstrate access control enforcement?
•What screenshots or configuration exports show access control settings?

Ask AI

Configure your API key to use AI features.