Restrict privileged accounts on the system to [Assignment: organization-defined personnel or roles].
Prohibit privileged access to the system by non-organizational users.
(a) Review [Assignment: organization-defined frequency] the privileges assigned to [Assignment: organization-defined roles or classes of users] to validate the need for such privileges; and (b) Reassign or remove privileges, if necessary, to correctly reflect organizational mission and business needs.
Prevent the following software from executing at higher privilege levels than users executing the software: [Assignment: organization-defined software].
Log the execution of privileged functions.
Prevent non-privileged users from executing privileged functions.
a. Enforce a limit of [Assignment: organization-defined number] consecutive invalid logon attempts by a user during a [Assignment: organization-defined time period]; and b. Automatically [Selection (one or more): lock the account or node for an [Assignment: organization-defined time period]; lock the account or node until released by an administrator; delay next logon prompt per [Assignment: organization-defined delay algorithm]; notify system administrator; take other [Assignment: organization-defined action]] when the maximum number of unsuccessful attempts is exceeded.
[Withdrawn: Incorporated into CM-7.]
Purge or wipe information from [Assignment: organization-defined mobile devices] based on [Assignment: organization-defined purging or wiping requirements and techniques] after [Assignment: organization-defined number] consecutive, unsuccessful device logon attempts.
Limit the number of unsuccessful biometric logon attempts to [Assignment: organization-defined number].
Passcode