System Security Plan (SSP) Categorization: Moderate-Low-Low


AC-7 – Unsuccessful Login Attempts




10.2.7 AC-7 – Unsuccessful Login Attempts


Recommended Continuous Monitoring Frequency: Annual

Program Frequency:

Choose an item.

Implementation Status:

 Implemented  Planned

Organizational Tailoring:

 Compensatory Control (Provide justification below)  Tailored In (Provide justification below)

 Tailored Out (Provide justification below)  Modified (Provide justification below)


Control Origination (check all that apply):

 Common  System Specific  Hybrid (Common and System Specific)



The information system:

Enforces a limit of three (3) consecutive invalid logon attempts by a user during a fifteen (15) minute period.

Click here to enter text.



Automatically locks the account/node when the maximum number of unsuccessful attempts is exceeded: until released by an administrator when the account is supported locally, or, if not supported locally, for a period of not less than fifteen (15) minutes. (Includes the requirements of AC-7(1).)

Click here to enter text.
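The two statements above fix three parameters (three consecutive failures, a fifteen-minute counting window, and a lock that is either administrator-released or timed) and an implementation statement should show that all three are actually enforced. The following is an added example, not text or code from the SSP template: a stand-alone simulation of the AC-7 / AC-7(1) logic run over constructed logon events, so that the edge cases an assessor will probe (a success resets the run of failures, failures older than the window do not count, valid credentials are refused while locked, a local account stays locked past fifteen minutes until released) can be checked directly. The user names, timestamps and the local/non-local flag are assumptions made for the sample.

```python
"""AC-7 / AC-7(1) lockout logic as a stand-alone simulation.

Added example, not part of the SSP template. Event timestamps are plain
seconds (constructed sample data in run_sample()); a real system would
take them from its authentication log or PAM/LSA callbacks.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Optional

MAX_CONSECUTIVE_FAILURES = 3      # AC-7: three (3) consecutive invalid attempts
FAILURE_WINDOW_SECONDS = 15 * 60  # AC-7: within a fifteen (15) minute period
TIMED_UNLOCK_SECONDS = 15 * 60    # AC-7(1): not less than 15 minutes for non-local accounts


@dataclass
class AccountState:
    local: bool  # True: the lock holds until an administrator releases it
    failures: List[float] = field(default_factory=list)  # timestamps of the current run of failures
    locked_at: Optional[float] = None


class LockoutPolicy:
    def __init__(self) -> None:
        self.accounts: Dict[str, AccountState] = {}

    def register(self, user: str, local: bool = True) -> None:
        self.accounts[user] = AccountState(local=local)

    def is_locked(self, user: str, now: float) -> bool:
        st = self.accounts[user]
        if st.locked_at is None:
            return False
        if st.local:
            return True  # only admin_release() clears a local lock
        return now - st.locked_at < TIMED_UNLOCK_SECONDS

    def attempt(self, user: str, credentials_valid: bool, now: float) -> str:
        """Process one logon attempt; returns 'ok', 'denied' or 'locked'."""
        st = self.accounts[user]
        if self.is_locked(user, now):
            return "locked"  # correct credentials do not bypass the lock
        if st.locked_at is not None:
            st.locked_at = None  # timed lock on a non-local account has expired
            st.failures.clear()
        if credentials_valid:
            st.failures.clear()  # a success ends the run of consecutive failures
            return "ok"
        # Keep only failures still inside the 15-minute window, then add this one.
        st.failures = [t for t in st.failures if now - t < FAILURE_WINDOW_SECONDS]
        st.failures.append(now)
        if len(st.failures) >= MAX_CONSECUTIVE_FAILURES:
            st.locked_at = now
            return "locked"
        return "denied"

    def admin_release(self, user: str) -> None:
        st = self.accounts[user]
        st.locked_at = None
        st.failures.clear()


def run_sample() -> Dict[str, List[str]]:
    """Replay constructed logon events and return the outcome of each attempt."""
    p = LockoutPolicy()
    p.register("alice", local=True)        # assumed local account: admin must release
    p.register("svc-backup", local=False)  # assumed non-local account: 15-minute timed lock
    p.register("bob", local=True)
    out: Dict[str, List[str]] = {}

    # alice: a success resets the count; the third consecutive failure locks;
    # a valid password is refused while locked; the lock survives well past 15 minutes.
    alice = [(False, 0), (False, 60), (True, 120), (False, 180), (False, 240),
             (False, 300), (True, 400), (True, 5000)]
    out["alice"] = [p.attempt("alice", ok, t) for ok, t in alice]
    p.admin_release("alice")
    out["alice"].append(p.attempt("alice", True, 5100))

    # svc-backup: locks on the third failure, still locked 480 s later,
    # released automatically 900 s after the lock, and the counter starts fresh.
    svc = [(False, 0), (False, 10), (False, 20), (False, 500), (True, 920), (False, 930)]
    out["svc-backup"] = [p.attempt("svc-backup", ok, t) for ok, t in svc]

    # bob: failures older than the window do not count toward the three.
    bob = [(False, 0), (False, 100), (False, 1000)]
    out["bob"] = [p.attempt("bob", ok, t) for ok, t in bob]
    return out


if __name__ == "__main__":
    for user, results in run_sample().items():
        print(user, results)
```

On a Linux host the same parameters map onto pam_faillock (`deny=3`, `fail_interval=900`, `unlock_time=0`, the last meaning no automatic unlock, with release by `faillock --user <name> --reset`); on Windows they are the Account lockout threshold (3), Reset account lockout counter after (15 minutes) and Account lockout duration (0, which means locked until an administrator unlocks). The implementation statement should cite whichever mechanism is in use rather than the simulation.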

CONTINUOUS MONITORING STRATEGY

Click here to enter text.

10.2.8 AC-8 – System Use Notification


Recommended Continuous Monitoring Frequency: Annual

Program Frequency:

Choose an item.

Implementation Status:

 Implemented  Planned

Organizational Tailoring:

 Compensatory Control (Provide justification below)  Tailored In (Provide justification below)

 Tailored Out (Provide justification below)  Modified (Provide justification below)


Control Origination (check all that apply):

 Common  System Specific  Hybrid (Common and System Specific)



Notice and Consent Banners: “Standard mandatory notice and consent banners must be displayed at logon to all ISs and standard mandatory consent notice and consent provisions will be included in all IS user agreements in accordance with applicable security controls and implementation procedures.” The most current required text for the banner and user agreements is listed within the DAAPM.

The information system:



Displays to users the DoD Information System Standard Consent Banner before granting access to the system. The banner provides privacy and security notices consistent with applicable federal laws, Executive Orders, directives, policies, regulations, standards, and guidance, and states that:
Users are accessing a U.S. Government information system;
Information system usage may be monitored, recorded, and subject to audit;
Unauthorized use of the information system is prohibited and subject to criminal and civil penalties; and
Use of the information system indicates consent to monitoring and recording.
Retains the notification message or banner on the screen until users acknowledge the usage conditions and take explicit action by clicking on a box indicating "OK" to log on to or to further access the information system.

Click here to enter text.



For publicly accessible systems:
Displays system use information and prevents further activity on the information system unless and until the user takes positive action to acknowledge agreement by clicking on a box indicating "OK";
Displays references, if any, to monitoring, recording, or auditing that are consistent with privacy accommodations for such systems, which generally prohibit those activities; and
Includes a description of the authorized uses of the system.

Click here to enter text.

CONTINUOUS MONITORING STRATEGY

Click here to enter text.

10.2.9 AC-10 – Concurrent Session Control (Standalone Overlay) – NEW BASELINE


After a relevance determination, this control can be tailored out for a standalone IS.

Recommended Continuous Monitoring Frequency: Quarterly

Program Frequency:

Choose an item.

Implementation Status:

 Implemented  Planned

Organizational Tailoring:

 Compensatory Control (Provide justification below)  Tailored In (Provide justification below)

 Tailored Out (Provide justification below)  Modified (Provide justification below)


Control Origination (check all that apply):

 Common  System Specific  Hybrid (Common and System Specific)



The information system limits the number of concurrent sessions for each user to a maximum of three (3) sessions. The limit can be defined globally, by account type (e.g., privileged user), per account, or by a combination of these. This control may require third-party software or the development of a script.

Click here to enter text.
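The statement above allows the three-session ceiling to be set globally, by account type, per account, or in combination, so an implementation has to decide which value applies to a given user and must refuse the session that would exceed it. The following is an added example, not code from the SSP template: a stand-alone session limiter in which the most specific configured value wins (account override, then account type, then the global value) and nothing may exceed the global maximum of three, exercised on constructed users. The global limit is the SSP's parameter; the one-session limit for privileged accounts, the per-account overrides and the user names are assumptions made for the sample.

```python
"""AC-10 concurrent session limit as a stand-alone simulation.

Added example, not part of the SSP template. GLOBAL_SESSION_LIMIT is the
SSP's parameter; every other number in run_sample() is an assumed value
chosen to show the precedence (account override > account type > global).
"""
from typing import Dict, List, Optional, Set

GLOBAL_SESSION_LIMIT = 3  # AC-10 parameter: maximum of three (3) concurrent sessions per user


class SessionLimiter:
    def __init__(self,
                 type_limits: Optional[Dict[str, int]] = None,
                 account_limits: Optional[Dict[str, int]] = None) -> None:
        self.type_limits = type_limits or {}        # e.g. {"privileged": 1}
        self.account_limits = account_limits or {}  # per-account overrides
        self.account_types: Dict[str, str] = {}
        self.active: Dict[str, Set[str]] = {}       # user -> live session identifiers

    def set_account_type(self, user: str, account_type: str) -> None:
        self.account_types[user] = account_type

    def limit_for(self, user: str) -> int:
        """Most specific configured limit wins; the global value is a hard ceiling."""
        if user in self.account_limits:
            return min(self.account_limits[user], GLOBAL_SESSION_LIMIT)
        acct_type = self.account_types.get(user)
        if acct_type in self.type_limits:
            return min(self.type_limits[acct_type], GLOBAL_SESSION_LIMIT)
        return GLOBAL_SESSION_LIMIT

    def open_session(self, user: str, session_id: str) -> bool:
        """Admit the new session only if the user is below their limit."""
        sessions = self.active.setdefault(user, set())
        if session_id in sessions:
            return True  # re-registration of a session already counted
        if len(sessions) >= self.limit_for(user):
            return False  # AC-10: the session that would exceed the limit is refused
        sessions.add(session_id)
        return True

    def close_session(self, user: str, session_id: str) -> None:
        self.active.get(user, set()).discard(session_id)

    def count(self, user: str) -> int:
        return len(self.active.get(user, ()))


def run_sample() -> Dict[str, List]:
    """Exercise the limiter on constructed users; returns the admit/refuse decisions."""
    lim = SessionLimiter(type_limits={"privileged": 1},              # assumed: one session for admins
                         account_limits={"auditor": 2, "batch": 10})  # assumed per-account overrides
    lim.set_account_type("root-admin", "privileged")
    out: Dict[str, List] = {}

    # standard user: three sessions admitted, the fourth refused until one closes
    decisions = [lim.open_session("alice", s) for s in ("s1", "s2", "s3", "s4")]
    lim.close_session("alice", "s2")
    decisions.append(lim.open_session("alice", "s4"))
    out["alice"] = decisions

    # privileged account type: limit of one
    out["root-admin"] = [lim.open_session("root-admin", s) for s in ("p1", "p2")]

    # per-account override of two
    out["auditor"] = [lim.open_session("auditor", s) for s in ("a1", "a2", "a3")]

    # an override above the global maximum is clamped to three
    out["batch"] = [lim.open_session("batch", s) for s in ("b1", "b2", "b3", "b4")]

    out["limits"] = [lim.limit_for(u) for u in ("alice", "root-admin", "auditor", "batch")]
    return out


if __name__ == "__main__":
    for user, decisions in run_sample().items():
        print(user, decisions)
```

On Linux the global form of this control is usually met with pam_limits (`maxlogins` in /etc/security/limits.conf, which also accepts per-user and per-group entries); the script or third-party tool mentioned in the statement is what supplies the combined or account-type rules when the platform cannot express them natively.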



CONTINUOUS MONITORING STRATEGY

Click here to enter text.
