Canadian Tire has such password policy for all the systems. e.g. We have VPN credential for each employee. If the error pwd is entered 3 times. We lockdown this account for 30 minutes. This will reduce the workload for helpdesk to unlock the account and protect the password being breached.
We would need the same functions provided by AEM for local accounts. The federated accounts are fine since the authentication will happen in CTC side.
After information taken, having such a process in place could represent some security risk where accounts could be frozen using Denial Of Service
As you are mentioning that Federated accounts are fine, are you using AEM Cloud service? In which case, the admin user password is generated during the environment creation, and having local users is not recommended, hence this should not be a problem here.
e.g. ctcadmin besides OOBT "admin" account, impoteraccount for service push data to authoring instance using basic authentication.
In this case, is this lockout feature is required for security enhancement. Is this feature request feasible? If yes, when will we expect it go with new SP?