[PCI DSS 1.x] 8.5.13 Limit repeated access attempts by locking out the user ID after not more than six attempts

8.5.13 For a sample of system components, critical servers, and wireless access points, obtain and inspect system configuration settings to verify that password parameters are set to require that a user’s account is locked out after not more than six invalid logon attempts
For Service Providers only, review internal processes and customer/user documentation to verify that customer accounts are temporarily locked-out after not more than six invalid access attempts