CCC.RDMS.C02: Account Lockout and Rate-Limiting
Objective: Ensure the database enforces lockouts or rate-limiting after a specified number of failed authentication attempts. This prevents brute force or password-guessing attacks from succeeding.
Control Family:
Identity and Access Management
Threats:
| ID | Title | Description |
|---|---|---|
| CCC.RDMS.TH02 | Brute Force Attempts on Database Authentication | Repeated attempts to guess database user passwords may be made through brute force techniques. This condition could result in unauthorized access if successful, compromising database security and sensitive information. |
NIST CSF:
PR.AC-1
Control Mappings
NIST_800_53:
AC-7
Test Requirements
CCC.RDMS.C02.TR01: When repeated failed login attempts are made in a short timeframe, the account must be locked out or rate-limited to prevent further login attempts.
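The lockout behaviour TR01 asks for, modelled as a sliding-window policy with a worked check against a constructed sequence of login attempts. This is an added illustration, not code from the CCC catalog; the threshold, window and lockout duration are assumed values, and the authentication gateway that would call it is assumed to sit in front of the database.

```python
from collections import defaultdict, deque

# Assumed policy values for this example (not taken from the CCC control text).
MAX_FAILURES = 5        # failures inside the window that trigger a lockout
WINDOW_SECONDS = 300    # "short timeframe" over which failures are counted
LOCKOUT_SECONDS = 900   # how long the account stays locked

class LockoutPolicy:
    """Tracks failed authentication attempts per account and enforces lockout."""

    def __init__(self, max_failures=MAX_FAILURES, window=WINDOW_SECONDS, lockout=LOCKOUT_SECONDS):
        self.max_failures = max_failures
        self.window = window
        self.lockout = lockout
        self.failures = defaultdict(deque)   # account -> timestamps of recent failures
        self.locked_until = {}               # account -> time the lockout expires

    def is_locked(self, account, now):
        until = self.locked_until.get(account)
        if until is None:
            return False
        if now >= until:                     # lockout expired: reset state
            del self.locked_until[account]
            self.failures[account].clear()
            return False
        return True

    def record_failure(self, account, now):
        """Register a failed attempt; return True if this attempt triggers a lockout."""
        recent = self.failures[account]
        recent.append(now)
        while recent and now - recent[0] > self.window:   # drop failures outside the window
            recent.popleft()
        if len(recent) >= self.max_failures:
            self.locked_until[account] = now + self.lockout
            return True
        return False

    def record_success(self, account):
        self.failures[account].clear()

def simulate_tr01(policy, attempts):
    """Replay (timestamp, account, password_ok) tuples; return the gateway's decision per attempt."""
    outcomes = []
    for t, account, password_ok in attempts:
        if policy.is_locked(account, t):
            outcomes.append("rejected_locked")     # even a correct password is refused
        elif password_ok:
            policy.record_success(account)
            outcomes.append("allowed")
        else:
            outcomes.append("locked" if policy.record_failure(account, t) else "failed")
    return outcomes
```

Failures spread out more widely than the window never accumulate to the threshold, so the second assertion in the test shows the rate-limit only bites on a burst.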
TLP:
tlp_red
tlp_amber