Ensure the database enforces lockouts or rate-limiting after a specified number of failed authentication attempts. This prevents brute-force or password-guessing attacks from succeeding.
Account Lockout and Rate-Limiting
CCC.RDMS.CN02 · Access
Related Capabilities
| ID | Title | Description |
|---|---|---|
| CCC.RDMS.CP07 | DB Self Managed Credentials | Ability to manage database credentials using client-managed usernames and passwords. |
Related Threats
| ID | Title | Description |
|---|---|---|
| CCC.RDMS.TH02 | Brute Force Attempts on Database Authentication | Repeated attempts to guess database user passwords may be made through brute force techniques. This condition could result in unauthorized access if successful, compromising database security and sensitive information. |
Assessment Requirements
| ID | Text | Applicability |
|---|---|---|
| CCC.RDMS.CN02.AR01 | When repeated failed login attempts are made in a short timeframe, the account must be locked out or rate-limited to prevent further login attempts. | tlp-red, tlp-amber |