CCC.RDMS.CN02: Account Lockout and Rate-Limiting

Control ID: CCC.RDMS.CN02
Title: Account Lockout and Rate-Limiting
Objective: Ensure the database enforces lockouts or rate-limiting after a specified number of failed authentication attempts. This prevents brute force or password-guessing attacks from succeeding.
Control Family: Identity and Access Management

Related Threats

| ID | Title | Description | External Mappings | Capability Mappings | Control Mappings |
|---|---|---|---|---|---|
| CCC.RDMS.TH02 | Brute Force Attempts on Database Authentication | Repeated attempts to guess database user passwords may be made through brute force techniques. This condition could result in unauthorized access if successful, compromising database security and sensitive information. | 1 | 1 | 0 |

Related Capabilities

| ID | Title | Description |
|---|---|---|
| CCC.RDMS.CP07 | DB Self Managed Credentials | Ability to manage database credentials through client-managed usernames and passwords. |

Guideline Mappings

| Reference ID | Entry ID | Strength | Remarks |
|---|---|---|---|
| NIST-CSF | PR.AC-1 | 0 | - |
| NIST_800_53 | AC-7 | 0 | - |

Assessment Requirements

| ID | Description | Applicability |
|---|---|---|
| CCC.RDMS.CN02.AR01 | When repeated failed login attempts are made in a short timeframe, the account must be locked out or rate-limited to prevent further login attempts. | tlp-red, tlp-amber |