Evidence – AC.L2-3.1.8
Limit Unsuccessful Logon Attempts
Control Overview
This document describes the evidence used to demonstrate implementation of AC.L2-3.1.8, which requires limiting the number of unsuccessful logon attempts.
This evidence supports the control response documented in the System Security Plan (SSP).
Evidence Objectives
Evidence for this control demonstrates that:
- Unsuccessful logon attempts are limited or throttled
- Protections are applied to user accounts
- Abuse of authentication through repeated failed attempts is mitigated
Evidence Artifacts
1. Authentication Protection Settings
Evidence demonstrating logon attempt limits may include:
- Account lockout or throttling configuration
- Automated protections against repeated failed authentication attempts
Examples of acceptable sources:
- Microsoft Entra ID sign-in protection or security settings
- Google Workspace authentication and security settings
Evidence Retention
Evidence supporting this control is retained in accordance with organizational policy and contractual requirements and is available for review during assessment.
Notes
Organizations may implement different mechanisms, provided that limits on unsuccessful authentication attempts are defined and enforced.