Requirement 8.5.13

Limit repeated access attempts by locking out the user ID after not more than six attempts.