3.1.6 - MobileIron - Limit the 'Number of failed attempts allowed'

Information

If the password setting is enabled then this control defines the number of failed login attempts before all information stored on the device is deleted and the device is automatically reset to original factory settings. The default Exchange ActiveSync policy setting applied for users not assigned to a mailbox policy configures the device to erase data after four (4) failed password attempts, if a password is configured on the device. The recommended setting is 6 or less failed attempts.

Solution

From the MobileIron console, open the Policies and Configs -> Policies view. Under the Security Policy verify that Maximum Number of Failed Attempts is set to 6 or less.

See Also

https://workbench.cisecurity.org/files/447

Item Details

Category: ACCESS CONTROL

References: 800-53|AC-7(2)

Plugin: MDM

Control ID: 64ad0ba732364f929f42fd4151d797a6ef2f01a8ada23049fc218a80b4b02aef