STIGhubSTIGhub
STIGsRMF ControlsCompare
STIGhub— A free STIG search and compliance tool·STIGs updated 3 days ago
Powered by Pylon·Privacy·Terms·© 2026 Beacon Cloud Solutions, Inc.
← Back to VMware NSX 4.x Manager NDM Security Technical Implementation Guide

V-265293

CAT II (Medium)

The NSX Manager must be configured to enforce the limit of three consecutive invalid logon attempts, after which time it must block any login attempt for 15 minutes.

Rule ID

SV-265293r994102_rule

STIG

VMware NSX 4.x Manager NDM Security Technical Implementation Guide

Version

V1R2

CCIs

CCI-000044

Discussion

By limiting the number of failed login attempts, the risk of unauthorized system access via user password guessing, otherwise known as brute-forcing, is reduced.

Check Content

From an NSX Manager shell, run the following commands:

> get auth-policy api lockout-reset-period

Expected result:
900 seconds

If the output does not match the expected result, this is a finding.

> get auth-policy api lockout-period

Expected result:
900 seconds

If the output does not match the expected result, this is a finding.

> get auth-policy api max-auth-failures

Expected result:
3

If the output does not match the expected result, this is a finding.

> get auth-policy cli lockout-period

Expected result:
900 seconds

If the output does not match the expected result, this is a finding.

> get auth-policy cli max-auth-failures

Expected result:
3

If the output does not match the expected result, this is a finding.

Fix Text

From an NSX Manager shell, run the following commands:

> set auth-policy api lockout-reset-period 900
> set auth-policy api lockout-period 900
> set auth-policy api max-auth-failures 3
> set auth-policy cli lockout-period 900
> set auth-policy cli max-auth-failures 3