AC-7 Unsuccessful Login Attempts

Control: Enforce a limit of [Assignment: organization-defined number] consecutive invalid access attempts by a user during a [Assignment: organization-defined time period] time period.

After the maximum number of unsuccessful attempts is exceeded, the system locks the account or the node for an organization-defined period. In addition, the next login attempt is delayed according to the organization-defined delay algorithm.
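As an added illustration of the control (not code from the TIBCO LogLogic documentation), the following Python sketch applies the AC-7 rule to constructed sample log lines: it counts consecutive invalid attempts per user within an organization-defined window, locks the account for the organization-defined period, and computes a delay for the next attempt. The limit, window, lockout period and the exponential back-off are assumed values; the page does not specify them.

```python
from datetime import datetime, timedelta

# Constructed sample log lines (not from any real system): "timestamp user outcome"
SAMPLE_LOG = """\
2024-01-01T10:00:00 alice FAIL
2024-01-01T10:00:20 alice FAIL
2024-01-01T10:00:40 alice SUCCESS
2024-01-01T10:01:00 alice FAIL
2024-01-01T10:01:10 alice FAIL
2024-01-01T10:01:20 alice FAIL
2024-01-01T10:01:30 alice FAIL
2024-01-01T10:02:00 bob FAIL
2024-01-01T10:20:00 bob FAIL
2024-01-01T10:40:00 bob FAIL
"""

MAX_ATTEMPTS = 3                  # assumed organization-defined number
WINDOW = timedelta(minutes=15)    # assumed organization-defined time period
LOCKOUT = timedelta(minutes=30)   # assumed organization-defined lockout period


def evaluate(log_text, max_attempts=MAX_ATTEMPTS, window=WINDOW, lockout=LOCKOUT):
    """Return {user: lockout_expiry} for users who reached the failure limit.

    A successful login resets the consecutive-failure run, and failures older
    than the window are discarded, so the count is over a sliding window."""
    failures = {}   # user -> timestamps of recent consecutive failures
    locked = {}
    for line in log_text.splitlines():
        ts_str, user, outcome = line.split()
        ts = datetime.fromisoformat(ts_str)
        if outcome == "SUCCESS":
            failures.pop(user, None)   # success breaks the consecutive run
            continue
        recent = [t for t in failures.get(user, []) if ts - t <= window]
        recent.append(ts)
        failures[user] = recent
        if len(recent) >= max_attempts and user not in locked:
            locked[user] = ts + lockout   # lock from the attempt that hit the limit
    return locked


def login_delay(consecutive_failures, base_seconds=2, cap_seconds=60):
    """Assumed delay algorithm: exponential back-off, capped, for the next attempt."""
    return min(base_seconds * 2 ** max(consecutive_failures - 1, 0), cap_seconds)
```

In the sample, alice is locked at her third consecutive failure after the successful login, while bob's three failures are spread beyond the window and never reach the limit.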

Illustrative Controls and TIBCO LogLogic Solution

Cost-effective technical and procedural measures are deployed and kept current to establish user identification, implement authentication and enforce access rights. All logins to network devices, operating systems or platforms, databases and applications must be reviewed to ensure only authorized and appropriate personnel have access. Monitor and verify all user access to programs and data. Review access to ensure there is segregation of duties, and all access privileges are properly assigned and approved.

To satisfy this control objective, administrators must assess the authentication mechanisms used to validate user credentials (new and existing) for healthcare reporting systems to support the validity of transactions. Server and application activities must be monitored for locked-out and enabled accounts as they can represent malicious activities.

Reports and Alerts

Use the following reference to see the AC-7 reports and alerts: AC-7.