AC-07(04) Use of Alternate Authentication Factor

(a) Allow the use of ac-07.04_odp.01 that are different from the primary authentication factors after the number of organization-defined consecutive invalid logon attempts have been exceeded; and

(b) Enforce a limit of ac-07.04_odp.02 consecutive invalid logon attempts through use of the alternative factors by a user during a ac-07.04_odp.03.

Parameter ID Definition
ac-07.04_odp.01 authentication factors
ac-07.04_odp.02 number
ac-07.04_odp.03 time period



The use of alternate authentication factors supports the objective of availability and allows a user who has inadvertently been locked out to use additional authentication factors to bypass the lockout.

Related controls 1