Does the account lockout policy used by Vault violate FDA regulation 21CFR11.300?
This question can arise, for example, when it is revealed during a security compliance-related audit that Vault does not send email notifications for invalid login attempts.
No. Invalid login attempts are logged under Login Audit History.
Vault KB articles:
- Can an email notification be configured for account lockouts after invalid login attempts in Vault?
- Why are invalid login attempts not appearing under Login Audit History in Vault?
Third Party documentation:
Vault Help Documentation: