| STIG ID | Version | Title | Product |
|---|---|---|---|
| ALMA-09-008160 | V1R3 | AlmaLinux OS 9 must maintain an account lock until the locked account is manually released by an administrator; and not automatically after a set time. | |
| ALMA-09-008270 | V1R3 | AlmaLinux OS 9 must ensure account locks persist across reboots. | |
| ALMA-09-008380 | V1R3 | AlmaLinux OS 9 must configure the appropriate SELinux context on the nondefault faillock tally directory. | |
| APPL-13-000022 | V1R5 | The macOS system must enforce the limit of three consecutive invalid logon attempts by a user before the user account is locked. | |
| OL07-00-010330 | V3R3 | The Oracle Linux operating system must lock the associated account after three unsuccessful root logon attempts are made within a 15-minute period. | |
| OL09-00-002416 | V1R2 | OL 9 must automatically lock an account when three unsuccessful logon attempts occur during a 15-minute time period. | |
| OL09-00-002417 | V1R2 | OL 9 must maintain an account lock until the locked account is released by an administrator. | |
| OL09-00-003020 | V1R2 | OL 9 must automatically lock an account when three unsuccessful logon attempts occur. | |
| OL09-00-003021 | V1R2 | OL 9 must automatically lock the root account until the root account is released by an administrator when three unsuccessful logon attempts occur during a 15-minute time period. | |
| RHEL-07-010320 | V3R9 | The Red Hat Enterprise Linux operating system must be configured to lock accounts for a minimum of 15 minutes after three unsuccessful logon attempts within a 15-minute timeframe. | |
| RHEL-07-010330 | V3R9 | The Red Hat Enterprise Linux operating system must lock the associated account after three unsuccessful root logon attempts are made within a 15-minute period. | |
| RHEL-09-411075 | V2R5 | RHEL 9 must automatically lock an account when three unsuccessful logon attempts occur. | |
| RHEL-09-411080 | V2R5 | RHEL 9 must automatically lock the root account until the root account is released by an administrator when three unsuccessful logon attempts occur during a 15-minute time period. | |
| RHEL-09-411085 | V2R5 | RHEL 9 must automatically lock an account when three unsuccessful logon attempts occur during a 15-minute time period. | |
| RHEL-09-411090 | V2R5 | RHEL 9 must maintain an account lock until the locked account is released by an administrator. | |
| UBTU-20-010072 | V2R3 | The Ubuntu operating system must automatically lock an account until the locked account is released by an administrator when three unsuccessful logon attempts have been made. | |
| WN10-AC-000005 | V3R4 | Windows 10 account lockout duration must be configured to 15 minutes or greater. | |
| WN11-AC-000005 | V2R4 | Windows 11 account lockout duration must be configured to 15 minutes or greater. | |
| WN16-AC-000010 | V2R9 | Windows 2016 account lockout duration must be configured to 15 minutes or greater. | |
| WN19-AC-000010 | V3R4 | Windows Server 2019 account lockout duration must be configured to 15 minutes or greater. | |
| WN22-AC-000010 | V2R5 | Windows Server 2022 account lockout duration must be configured to 15 minutes or greater. |