Cyber Resilience

NIST 800-53 r5 · Controls catalogue · Family AC

AC-7Unsuccessful Logon Attempts

Enforce a limit of {{ insert: param, ac-07_odp.01 }} consecutive invalid logon attempts by a user during a {{ insert: param, ac-07_odp.02 }} ; and Automatically {{ insert: param, ac-07_odp.03 }} when the maximum number of unsuccessful attempts is exceeded.

Last updated: 04 July 2026 00:28 UTC

Implementations targeting this control (0)

ATT&CK techniques this control mitigates (16)

Weaknesses this control addresses (1)AI

CWEs ranked by how often they appear in real CVEs. The rationale describes how this control reduces exploitability of each weakness class.

CWE Name CVEs Why this control addresses it
CWE-307Improper Restriction of Excessive Authentication Attempts714This control directly enforces limits on consecutive invalid logon attempts and automatic response (e.g., lockout) to prevent brute-force exploitation of authentication mechanisms.

Top CVEs where this control is the strongest mitigation

CVE Risk CVSS EPSS Match
CVE-2026-307907.09.80.0022good
CVE-2025-242457.09.80.0061good
CVE-2026-312827.09.80.0039good
CVE-2025-638077.09.80.0044good
CVE-2025-643107.09.80.0041good
CVE-2025-255957.09.80.0046good
CVE-2026-338797.09.80.0027good
CVE-2026-336407.09.80.0047good
CVE-2026-331527.09.10.0051good
CVE-2024-488867.09.00.0046good
CVE-2026-62847.09.10.0045good
CVE-2025-692467.09.80.0038good
CVE-2025-696157.09.10.0045good
CVE-2026-244367.09.80.0042good
CVE-2025-4319 UPD7.09.40.0037good
CVE-2024-9342 UPD7.09.80.0040good
CVE-2025-4094 UPD7.09.80.1644good
CVE-2024-392257.09.80.1453good
CVE-2023-271007.09.80.0984good
CVE-2022-306007.09.80.0488good
CVE-2023-376357.09.80.0115good
CVE-2024-412767.09.80.0104good
CVE-2023-229606.07.50.2777good
CVE-2026-240175.58.10.0076good
CVE-2025-140025.58.10.0044good

Other controls in family AC

AC-1 AC-10 AC-11 AC-12 AC-13 AC-14 AC-15 AC-16 AC-17 AC-18 AC-19 AC-2 AC-20 AC-21 AC-22 AC-23 AC-24 AC-25 AC-3 AC-4 AC-5 AC-6 AC-8 AC-9