3.4.1 Ensure 'Allow simple value' is set to 'Disabled'

Information

This recommendation pertains to passcode requirements. A simple passcode is defined as containing repeated characters, or increasing/decreasing characters (such as 123 or CBA).

Rationale:

Simple passcodes such as those with repeating, ascending, or descending character sequences are easily guessed. Preventing the selection of passwords containing such sequences increases the complexity of the passcode and reduces the ease with which an attacker may attempt to guess the passcode in order to gain access to the device.

Solution

Open Apple Configurator.

Open the Configuration Profile.

In the left window pane, click on the Passcode tab.

In the right window pane, uncheck the checkbox for Allow simple value.

Deploy the Configuration Profile.

See Also

https://workbench.cisecurity.org/benchmarks/15548

Item Details

Category: IDENTIFICATION AND AUTHENTICATION

References: 800-53|IA-5(1), CSCv7|4.4

Plugin: MDM

Control ID: 1ee99ba0e43972091bcbb5db427f95b883f878fca221e0ce50ba9e5db5504b93