AC-7(4): Unsuccessful Logon Attempts | Use of Alternate Authentication Factor

AC-7(4): Unsuccessful Logon Attempts | Use of Alternate Authentication Factor ()

(a) Allow the use of [Assignment: organization-defined authentication factors] that are different from the primary authentication factors after the number of organization-defined consecutive invalid logon attempts have been exceeded; and
(b) Enforce a limit of [Assignment: organization-defined number] consecutive invalid logon attempts through use of the alternative factors by a user during a [Assignment: organization-defined time period].


Control Identifier	AC-7(4)
Latest Sync Date	19/12/24 09:18:14
Discussion	The use of alternate authentication factors supports the objective of availability and allows a user who has inadvertently been locked out to use additional authentication factors to bypass the lockout.
Related Controls	IA-3.



NIST 800-53 Controls Catalogue