NIST 800-53 r5 · Controls catalogue · Family AC
AC-7 Unsuccessful Logon Attempts
Enforce a limit of {{ insert: param, ac-07_odp.01 }} consecutive invalid logon attempts by a user during a {{ insert: param, ac-07_odp.02 }}; and automatically {{ insert: param, ac-07_odp.03 }} when the maximum number of unsuccessful attempts is exceeded.
Last updated: 09 May 2026 03:25 UTC
Implementations targeting this control (0)
- No implementations targeting this control yet.
ATT&CK techniques this control mitigates (16)
- T1021 Remote Services (Lateral Movement)
- T1021.001 Remote Desktop Protocol (Lateral Movement)
- T1021.004 SSH (Lateral Movement)
- T1078.002 Domain Accounts (Stealth, Persistence, Privilege Escalation, Initial Access)
- T1078.004 Cloud Accounts (Stealth, Persistence, Privilege Escalation, Initial Access)
- T1110 Brute Force (Credential Access)
- T1110.001 Password Guessing (Credential Access)
- T1110.002 Password Cracking (Credential Access)
- T1110.003 Password Spraying (Credential Access)
- T1110.004 Credential Stuffing (Credential Access)
- T1133 External Remote Services (Persistence, Initial Access)
- T1530 Data from Cloud Storage (Collection)
- T1556 Modify Authentication Process (Defense Impairment, Persistence, Credential Access)
- T1556.001 Domain Controller Authentication (Defense Impairment, Persistence, Credential Access)
- T1556.003 Pluggable Authentication Modules (Defense Impairment, Persistence, Credential Access)
- T1556.004 Network Device Authentication (Defense Impairment, Persistence, Credential Access)
Weaknesses this control addresses (1) AI
CWEs ranked by how often they appear in real CVEs. The rationale describes how this control reduces exploitability of each weakness class.
| CWE | Name | CVEs | Why this control addresses it |
|---|---|---|---|
| CWE-307 | Improper Restriction of Excessive Authentication Attempts | 684 | This control directly enforces limits on consecutive invalid logon attempts and automatic response (e.g., lockout) to prevent brute-force exploitation of authentication mechanisms. |
Top CVEs where this control is the strongest mitigation
| CVE | Risk | CVSS | EPSS | Match |
|---|---|---|---|---|
| CVE-2024-57610 | 2.1 | 7.5 | 0.0977 | good |
| CVE-2026-30790 | 2.0 | 9.8 | 0.0015 | good |
| CVE-2025-24245 | 2.0 | 9.8 | 0.0037 | good |
| CVE-2026-31282 | 2.0 | 9.8 | 0.0005 | good |
| CVE-2025-63807 | 2.0 | 9.8 | 0.0011 | good |
| CVE-2025-64310 | 2.0 | 9.8 | 0.0009 | good |
| CVE-2025-25595 | 2.0 | 9.8 | 0.0003 | good |
| CVE-2026-33879 | 2.0 | 9.8 | 0.0007 | good |
| CVE-2026-33640 | 2.0 | 9.8 | 0.0003 | good |
| CVE-2025-69246 | 2.0 | 9.8 | 0.0006 | good |
| CVE-2026-24436 | 2.0 | 9.8 | 0.0004 | good |
| CVE-2024-9342 | 2.0 | 9.8 | 0.0011 | good |
| CVE-2025-4319 | 1.9 | 9.4 | 0.0009 | good |
| CVE-2026-33152 | 1.8 | 9.1 | 0.0004 | good |
| CVE-2024-48886 | 1.8 | 9.0 | 0.0056 | good |
| CVE-2026-6284 | 1.8 | 9.1 | 0.0001 | good |
| CVE-2025-31676 | 1.8 | 8.8 | 0.0019 | good |
| CVE-2025-69615 | 1.8 | 9.1 | 0.0001 | good |
| CVE-2024-23106 | 1.7 | 8.1 | 0.0099 | good |
| CVE-2024-12039 | 1.7 | 8.1 | 0.0078 | good |
| CVE-2025-26343 | 1.7 | 8.1 | 0.0054 | good |
| CVE-2026-24017 | 1.6 | 8.1 | 0.0014 | good |
| CVE-2025-14002 | 1.6 | 8.1 | 0.0036 | good |
| CVE-2025-66204 | 1.6 | 8.1 | 0.0007 | good |
| CVE-2025-12995 | 1.6 | 8.1 | 0.0007 | good |