3.1.6 - AirWatch - Limit the 'Number of failed attempts allowed'

Information

If the password setting is enabled then this control defines the number of failed login attempts before all information stored on the device is deleted and the device is automatically reset to original factory settings. The default Exchange ActiveSync policy setting applied for users not assigned to a mailbox policy configures the device to erase data after four (4) failed password attempts, if a password is configured on the device. The recommended setting is 6 or less failed attempts.

Solution

From the AirWatch console, open the iOS device profile. Under Passcode verify that Maximum Number of Failed Attempts is set to a value of 6 or less.

See Also

https://workbench.cisecurity.org/files/1678

Item Details

Category: ACCESS CONTROL

References: 800-53|AC-7(2)

Plugin: MDM

Control ID: 35df20beffb342e87967d5302c335134dd4e3ed39c7387bcff5fd7e61b050f29