How to configure and resolve workflow checks for setting up auto account lockout on critical systems

In this article:

Enhance the security of your critical services by activating automatic account lockout for users who experience multiple failed login attempts within a specified time frame. The Sprinto check facilitates the collection of evidence to ensure the proper configuration of this security measure on your critical system is maintained to meet the security compliance requirements.

Before You Begin

• Log in on Sprinto as administrator.

Configuring Workflow Check

1. Go to Security Hub > Workflow Checks.

2. Click on Add Workflow Check.

1. Locate Account Lockout should be configured for critical systems in the workflow checklist, and click Enable.

1. On the Add Workflow Check page, click Edit to adjust the check frequency and assign personnel or configure an evidence reviewer if necessary. Note: The default frequency for the workflow check is every six months. You can customize the frequency as per your requirements.

2. Click Enable.

   

Resolving Workflow Check

Once the check is activated, it will be in a "Due/Critical/Failing" status. To successfully pass the check, relevant evidence must be uploaded, and the status will be updated to "Passing."

Evidence: Upload a screen capture illustrating a critical system’s configured settings for automatic account lockout after multiple invalid login attempts within the defined period.

• Log in to the Sprinto Admin portal and go to Security Hub > Workflow Checks > Active.

  
• Select the Password Policy for Critical Systems Holding CHD check.

• Click Upload Evidence.

• Choose the Evidence Record Date and opt for either the File or Link attachment option. * File: Upload the file from your computer. * Link: If the evidence is stored online, provide the shareable link.

• Click Finish.

  

Please contact Sprinto Support if you need any assistance with the workflow check.