Statement

Access to WTAMU information resources controlled by a User ID and password shall employ mechanisms to disable or lockout User IDs which experience multiple failed logins.

Applicability

The intended audience for this control includes, but is not limited to, all information resource data/owners, management personnel, and system administrators.

Implementation

• Where configuration is available, account lockout failed attempt features are activated on all WTAMU systems and must disable or lockout accounts after no more than 10 failed login attempts.
  • Accounts should remain locked for a minimum of 15 minutes.
• As technology permits, accounts that have access to information resoures classified as high impact should remain locked until reset by an administrator.