1.20 Ensure 'Ask for unlock pattern/PIN/password before unpinning' is set to 'Enabled'

Information

Unpinning should require re-authentication.
The recommended state for this setting is: Enabled.

Rationale:

Your might lend your device to a friend or anyone else for carrying out a single task such as make an emergency phone call or play a game. You should use screen pinning in such a situation. It locks the users to the particular screen that you handed over the device with. Users cannot use the device outside of that application until the screen is unpinned. Unpinning screen should require re-authentication.

NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.

Solution

Follow the below steps to enable Ask for pattern/PIN/password before unpinning:

Tap the Settings Gear Icon.
Tap Security.
Scroll to the DEVICE SECURITY section.
Tap Advanced.
Tap Screen pinning.
If you are using Screen Pinning, then toggle Ask for pattern/PIN/password before unpinning setting to ON position.

Impact:

None

Default Value:

By default, if you enable Screen pinning, then Ask for pattern/PIN/password before unpinning setting is also enabled if you have previously chosen to lock your device with a pattern, PIN or password. If you have previously chosen to not lock your device, you would be required to set it up by tapping Lock device when unpinning after enabling Screen pinning.

See Also

https://workbench.cisecurity.org/files/2466