In PCF, the UAA component delegates these responsibilities to the enterprise identity manangement system (IdM). Lockout of users following too many failed authentication attempts is inherited from the enterprise IdM. In the case of BOSH SSH, users must have previously authenticated via UAA, and the SSH login uses a BOSH-managed private key.
The information system:
This control applies regardless of whether the logon occurs via a local or network connection. Due to the potential for denial of service, automatic lockouts initiated by information systems are usually temporary and automatically release after a predetermined time period established by organizations. If a delay algorithm is selected, organizations may choose to employ different algorithms for different information system components based on the capabilities of those components. Responses to unsuccessful logon attempts may be implemented at both the operating system and the application levels.