800-53|AC-7(2)

Title

PURGE / WIPE MOBILE DEVICE

Description

The information system purges/wipes information from [Assignment: organization-defined mobile devices] based on [Assignment: organization-defined purging/wiping requirements/techniques] after [Assignment: organization-defined number] consecutive, unsuccessful device logon attempts.

Supplemental

This control enhancement applies only to mobile devices for which a logon occurs (e.g., personal digital assistants, smart phones, tablets). The logon is to the mobile device, not to any one account on the device. Therefore, successful logons to any accounts on mobile devices reset the unsuccessful logon count to zero. Organizations define information to be purged/wiped carefully in order to avoid over purging/wiping which may result in devices becoming unusable. Purging/wiping may be unnecessary if the information on the device is protected with sufficiently strong encryption mechanisms.

Reference Item Details

Reference: NIST 800-53 - Security and Privacy Controls for Federal Information Systems and Organizations

Related: AC-19,MP-5,MP-6,SC-13

Category: ACCESS CONTROL

Parent Title: UNSUCCESSFUL LOGON ATTEMPTS

Family: ACCESS CONTROL

Audit Items

View all Reference Audit Items

Name	Plugin	Audit Name
1.1.5 - AirWatch - Enable Erase Data	MDM	AirWatch - CIS Apple iOS 9 v1.0.0 L2
1.1.5 - AirWatch - Enable Erase Data	MDM	AirWatch - CIS Apple iOS 8 v1.0.0 L2
1.1.5 - MobileIron - Enable Erase Data	MDM	MobileIron - CIS Apple iOS 9 v1.0.0 L2
1.1.5 - MobileIron - Enable Erase Data	MDM	MobileIron - CIS Apple iOS 8 v1.0.0 L2
2.1.6 - AirWatch - Limit the 'Number of failed attempts allowed'	MDM	AirWatch - CIS Google Android 4 v1.0.0 L1
2.1.6 - MobileIron - Limit the 'Number of failed attempts allowed'	MDM	MobileIron - CIS Google Android 4 v1.0.0 L1
2.2.7 - AirWatch - Set Maximum number of failed attempts	MDM	AirWatch - CIS Apple iOS 8 v1.0.0 L1
2.2.7 - AirWatch - Set Maximum number of failed attempts	MDM	AirWatch - CIS Apple iOS 9 v1.0.0 L1
2.2.7 - MobileIron - Set Maximum number of failed attempts	MDM	MobileIron - CIS Apple iOS 8 v1.0.0 L1
2.2.7 - MobileIron - Set Maximum number of failed attempts	MDM	MobileIron - CIS Apple iOS 9 v1.0.0 L1
2.4.5 Ensure 'Maximum number of failed attempts' is set to '6'	MDM	MobileIron - CIS Apple iOS 12 v1.0.0 End User Owned L1
2.4.5 Ensure 'Maximum number of failed attempts' is set to '6'	MDM	AirWatch - CIS Apple iOS 10 v2.0.0 End User Owned L1
2.4.5 Ensure 'Maximum number of failed attempts' is set to '6'	MDM	MobileIron - CIS Apple iOS 10 v2.0.0 End User Owned L1
2.4.5 Ensure 'Maximum number of failed attempts' is set to '6'	MDM	MobileIron - CIS Apple iOS 11 v1.0.0 End User Owned L1
2.4.5 Ensure 'Maximum number of failed attempts' is set to '6'	MDM	AirWatch - CIS Apple iOS 12 v1.0.0 End User Owned L1
2.4.5 Ensure 'Maximum number of failed attempts' is set to '6'	MDM	AirWatch - CIS Apple iOS 11 v1.0.0 End User Owned L1
3.1.6 - AirWatch - Limit the 'Number of failed attempts allowed'	MDM	AirWatch - CIS Apple iOS 8 v1.0.0 L1
3.1.6 - AirWatch - Limit the 'Number of failed attempts allowed'	MDM	AirWatch - CIS Apple iOS 9 v1.0.0 L1
3.1.6 - MobileIron - Limit the 'Number of failed attempts allowed'	MDM	MobileIron - CIS Apple iOS 9 v1.0.0 L1
3.1.6 - MobileIron - Limit the 'Number of failed attempts allowed'	MDM	MobileIron - CIS Apple iOS 8 v1.0.0 L1
3.4.5 Ensure 'Maximum number of failed attempts' is set to '6'	MDM	AirWatch - CIS Apple iOS 12 v1.0.0 Institution Owned L1
3.4.5 Ensure 'Maximum number of failed attempts' is set to '6'	MDM	MobileIron - CIS Apple iOS 12 v1.0.0 Institution Owned L1
3.4.5 Ensure 'Maximum number of failed attempts' is set to '6'	MDM	MobileIron - CIS Apple iOS 10 v2.0.0 Institution Owned L1
3.4.5 Ensure 'Maximum number of failed attempts' is set to '6'	MDM	AirWatch - CIS Apple iOS 10 v2.0.0 Institution Owned L1
3.4.5 Ensure 'Maximum number of failed attempts' is set to '6'	MDM	AirWatch - CIS Apple iOS 11 v1.0.0 Institution Owned L1
3.4.5 Ensure 'Maximum number of failed attempts' is set to '6'	MDM	MobileIron - CIS Apple iOS 11 v1.0.0 Institution Owned L1
MSFT-11-005400 - Microsoft Android 11 must allow the Administrator (EMM) to perform the following management function: Wipe Enterprise data.	MDM	AirWatch - DISA Microsoft Android 11 COBO v1r2
MSFT-11-005400 - Microsoft Android 11 must allow the Administrator (EMM) to perform the following management function: Wipe Enterprise data.	MDM	AirWatch - DISA Microsoft Android 11 COPE v1r2
MSFT-11-005400 - Microsoft Android 11 must allow the Administrator (EMM) to perform the following management function: Wipe Enterprise data.	MDM	MobileIron - DISA Microsoft Android 11 COPE v1r2
MSFT-11-005400 - Microsoft Android 11 must allow the Administrator (EMM) to perform the following management function: Wipe Enterprise data.	MDM	MobileIron - DISA Microsoft Android 11 COBO v1r2

Detections

Analytics