Control: Azure > CIS v4.0 > 06 - Identity Services > 06.07 - Ensure that account 'Lockout duration in seconds' is greater than or equal to '60'
Configures auditing against a CIS Benchmark item.
Level: 1
The account lockout duration value determines how long an account retains the status of lockout, and therefore how long before a user can continue to attempt to login after passing the lockout threshold.
Account lockout is a method of protecting against brute-force and password spray attacks. Once the lockout threshold has been exceeded, the account enters a lockedout state which prevents all login attempts for a variable duration. The lockout in combination with a reasonable duration reduces the total number of failed login attempts that a malicious actor can execute in a given period of time.
Resource Types
This control targets the following resource types:
Policies
This control type relies on these other policies when running actions:
- Azure > CIS v4.0 > 06 - Identity Services > 06.07 - Ensure 'Lockout duration in seconds' is greater than or equal to '60'
- Azure > CIS v4.0 > 06 - Identity Services > 06.07 - Ensure 'Lockout duration in seconds' is greater than or equal to '60' > Attestation
- Azure > CIS v4.0 > Maximum Attestation Duration
- Azure > CIS v4.0
- Azure > CIS v4.0 > 06 - Identity Services
- Azure > CIS v4.0 > 06 - Identity Services > Maximum Attestation Duration
Category
In Your Workspace
Developers
- tmod:@turbot/azure-cisv4-0#/control/types/r0607
- tmod:@turbot/cis#/control/categories/v071603
- turbot graphql controls --filter "controlTypeId:tmod:@turbot/azure-cisv4-0#/control/types/r0607"
Get Controls