2.4.5 Ensure 'Maximum number of failed attempts' is set to '6'

Information

This recommendation pertains to the number of attempted logins before the automatic deletion of a device's cryptographic key.

Rationale:

Excessive incorrect passcode attempts typically indicate that the owner has lost physical control of the device. Upon such an event, erasing the encryption key will help to ensure the confidentiality of information stored on the device.

Solution

1. Open Apple Configurator.
2. Open the Configuration Profile.
3. In the left windowpane, click on the 'Passcode' tab.
4. In the right windowpane, set the 'Maximum number of failed attempts' to '6'.
5. Deploy the Configuration Profile.

Impact:

None.

See Also

https://workbench.cisecurity.org/files/1688