The "account lockout duration" policy should meet minimum requirements. (1) number of minutes (1) defined by Local or Group Policy CCE-980 account-lockout-duration oval:com.secure-elements.oval:def:6007 account_lockout_duration oval:gov.nist.fdcc.vista:def:6007 oval:gov.nist.usgcb.vista:def:6007 BITS Shared Assessments SIG v6.0 Jericho Forum HIPAA/HITECH Act FedRAMP Security Controls(Final Release Jan 2012)--LOW IMPACT LEVEL-- ISO/IEC 27001-2005 COBIT 4.1 GAPP (Aug 2009) NERC CIP NIST SP800-53 R3 AC-7 NIST SP800-53 R3 CM-6 PCIDSS v2.0 FedRAMP Security Controls(Final Release Jan 2012)--MODERATE IMPACT LEVEL-- BITS Shared Assessments AUP v5.0 CCE Version 4.2 2008-02-15 SCAP: Guidance for Securing Microsoft Windows Vista Systems for IT Professional (XCCDF Benchmark) 2007-02-06 SCAP: Guidance for Securing Microsoft Windows Vista Systems for IT Professional (OVAL Definitions) 2007-02-06 FDCC: Guidance for Securing Microsoft Windows Vista Systems for IT Professional (XCCDF Benchmark) 2008-01-10 FDCC: Guidance for Securing Microsoft Windows Vista Systems for IT Professional (OVAL Definitions) 2008-01-10 SCAP Repo OVAL Definition 2012-04-13 BITS Shared Assessments SIG v6.0 2012-10-12 Jericho Forum 2012-10-12 HIPAA/HITECH Act 2012-10-12 ISO/IEC 27001-2005 2012-10-12 COBIT 4.1 2012-10-12 GAPP (Aug 2009) 2012-10-12 NERC CIP 2012-10-12 NIST SP800-53 R3 2012-10-12 PCIDSS v2.0 2012-10-12 BITS Shared Assessments AUP v5.0 2012-10-12