3.4.6 Ensure 'Maximum number of failed attempts' is set to '6'

Information

This recommendation pertains to the number of attempted logins before automatic deletion of a device's cryptographic key.

Rationale:

Excessive incorrect passcode attempts typically indicate that the owner has lost physical control of the device. In the event of such an incident, erasing the encryption key will help to ensure confidentiality of information stored on the device.

Solution

Open Apple Configurator.

Open the Configuration Profile.

In the left window pane, click on the Passcode tab.

In the right window pane, set the Maximum number of failed attempts to 6.

Deploy the Configuration Profile.
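Before deploying, the exported profile can be checked for the setting. The following is an added example, not part of the benchmark: it assumes an unsigned XML `.mobileconfig` whose passcode payload uses Apple's `com.apple.mobiledevice.passwordpolicy` payload type and `maxFailedAttempts` key, and it runs against a constructed sample profile.

```python
import plistlib

REQUIRED = 6  # value this recommendation calls for
PASSCODE_PAYLOAD_TYPE = "com.apple.mobiledevice.passwordpolicy"

# Constructed sample profile (identifier is a placeholder); a signed profile
# is CMS-wrapped and must be unwrapped before it can be parsed like this.
SAMPLE_PROFILE = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
  <key>PayloadType</key><string>Configuration</string>
  <key>PayloadIdentifier</key><string>com.example.profile</string>
  <key>PayloadContent</key><array>
    <dict>
      <key>PayloadType</key><string>com.apple.mobiledevice.passwordpolicy</string>
      <key>maxFailedAttempts</key><integer>6</integer>
    </dict>
  </array>
</dict></plist>"""


def audit_profile(data: bytes) -> list[str]:
    """Return findings for this recommendation; an empty list means pass."""
    profile = plistlib.loads(data)
    payloads = [p for p in profile.get("PayloadContent", [])
                if isinstance(p, dict)
                and p.get("PayloadType") == PASSCODE_PAYLOAD_TYPE]
    if not payloads:
        return ["no passcode payload in profile"]
    findings = []
    for i, payload in enumerate(payloads):
        value = payload.get("maxFailedAttempts")
        if value is None:
            findings.append(f"passcode payload {i}: maxFailedAttempts not set")
        elif isinstance(value, bool) or not isinstance(value, int):
            findings.append(f"passcode payload {i}: maxFailedAttempts is not an integer")
        elif value != REQUIRED:
            findings.append(
                f"passcode payload {i}: maxFailedAttempts is {value}, expected {REQUIRED}")
    return findings


if __name__ == "__main__":
    result = audit_profile(SAMPLE_PROFILE)
    print("PASS" if not result else "\n".join(result))
```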

See Also

https://workbench.cisecurity.org/benchmarks/6168