diff --git a/docs/pages/admin-guides/access-controls/compliance-frameworks/fedramp.mdx b/docs/pages/admin-guides/access-controls/compliance-frameworks/fedramp.mdx
index 8e174a34c93e8..c8fa8fd061273 100644
--- a/docs/pages/admin-guides/access-controls/compliance-frameworks/fedramp.mdx
+++ b/docs/pages/admin-guides/access-controls/compliance-frameworks/fedramp.mdx
@@ -19,8 +19,8 @@ government agencies.
| - | - |
| [AC-02 Account Management]((=fedramp.control_url=)AC-02) | Audit events are emitted in the Auth Service when a user is created, updated, deleted, locked, or unlocked. |
| [AC-03 Access Enforcement]((=fedramp.control_url=)AC-03) | Teleport Enterprise supports robust [Role-based Access Controls (RBAC)](../access-controls.mdx) to:
• Control which infrastructure resources a user can or cannot access.
• Control cluster level configuration (session recording, configuration, etc.)
• Control which Unix logins a user is allowed to use when logging into a server. |
-| [AC-07 Unsuccessful Logon Attempts]((=fedramp.control_url=)AC-07) | Teleport Enterprise supports robust [Role-based Access Controls (RBAC)](../access-controls.mdx) to:
• Control which resources a user can or cannot access.
• Control cluster level configuration (session recording, configuration, etc.)
• Control which Unix logins a user is allowed to use when logging into a server. | Teleport supports two types of users: local and SSO-based accounts (GitHub, Google Apps, Okta, etc). For local accounts, by default, Teleport locks accounts for 30 minutes after 5 failed login attempts. For SSO-based accounts, the number of invalid login attempts and lockout time period is controlled by the SSO provider. |
-| [AC-08 System Use Notification]((=fedramp.control_url=)AC-08) | Teleport Enterprise supports robust [Role-based Access Controls (RBAC)](../access-controls.mdx) to:
• Control which resources a user can or cannot access.
• Control cluster level configuration (session recording, configuration, etc.)
• Control which Unix logins a user is allowed to use when logging into a server. | Teleport integrates with Linux Pluggable Authentication Modules (PAM). PAM modules can be used to display a custom message on login using a message of the day (MOTD) module within the Session management primitive. |
+| [AC-07 Unsuccessful Logon Attempts]((=fedramp.control_url=)AC-07) | Teleport supports two types of users: local and SSO-based accounts (GitHub, Google Apps, Okta, etc). For local accounts, by default, Teleport locks accounts for 30 minutes after 5 failed login attempts. For SSO-based accounts, the number of invalid login attempts and lockout time period is controlled by the SSO provider. |
+| [AC-08 System Use Notification]((=fedramp.control_url=)AC-08) | Teleport integrates with Linux Pluggable Authentication Modules (PAM). PAM modules can be used to display a custom message on login using a message of the day (MOTD) module within the Session management primitive. |
| [AC-10 Concurrent Session Control]((=fedramp.control_url=)AC-10) | Teleport administrators can define concurrent session limits using Teleport’s RBAC. |
| [AC-12 Session Termination]((=fedramp.control_url=)AC-12) | Admins can terminate active sessions with [session locking](../../access-controls/guides/locking.mdx). Teleport terminates sessions on expiry or inactivity. |
| [AC-17 Remote Access]((=fedramp.control_url=)AC-17) | Teleport administrators create users with configurable roles that can be used to allow or deny access to system resources. |