3.1.5 - MobileIron - Set the 'timeout' for 'Time without user input before password must be re-entered (in minutes)'

Information

This control defines the number of minutes the device can be inactive before requiring the password be reentered. By default, if a passcode is defined, an iOS device will automatically lock after two minutes of inactivity, and the default Exchange ActiveSync policy setting applied for users not assigned to a mailbox policy sets an inactivity lock at 15 minutes. The recommended setting is 2 minutes or less.

Solution

From the MobileIron console, open the Policies and Configs -> Policies view. Under the Security Policy verify that Maximum Inactivity Timeout is set to 2 or less.

See Also

https://workbench.cisecurity.org/files/1678

Item Details

Category: ACCESS CONTROL

References: 800-53|AC-11, CSCv6|16.5

Plugin: MDM

Control ID: 024ff696592e9a4ff437b56673a32ad92f7156cf363d5d3f1e916fc49497ae67