control_freak | Controls | AC-07(04) - Use of Alternate Authentication Factor

(a) Allow the use of ac-07.04_odp.01 that are different from the primary authentication factors after the number of organization-defined consecutive invalid logon attempts have been exceeded; and

(b) Enforce a limit of ac-07.04_odp.02 consecutive invalid logon attempts through use of the alternative factors by a user during a ac-07.04_odp.03.

Parameter ID	Definition
ac-07.04_odp.01	authentication factors
ac-07.04_odp.02	number
ac-07.04_odp.03	time period

Baselines

Guidance

The use of alternate authentication factors supports the objective of availability and allows a user who has inadvertently been locked out to use additional authentication factors to bypass the lockout.

Related controls 1

IA-03 Device Identification and Authentication L M H P

AC-07(04) Use of Alternate Authentication Factor

Baselines

Guidance

Related controls 1