SID-ACCESS-02 — Rate Limiting and Brute-Force Protection
| Property | Value |
|---|---|
| Owner | platform |
| Category | technical |
| CSF Function | protect |
| Group | Access Control |

Description
Per-identifier sliding-window rate limiting with a configurable burst allowance and lockout once the threshold is reached, to prevent brute-force authentication attacks. WebSocket sessions are limited to 3 concurrent pending flows (DoS protection).
Components
Source References
Framework Requirements
EUDI Security Requirements: WUH-8.3.1-Sec-02, WUH-8.3.2-Sec-01
FitCEM Wallet Instance: FIT-DS-09
ISO 27001 Annex A: A.5.15