3.4.3 Ensure 'Maximum Auto-Lock' is set to '2 minutes' or less

Information

This recommendation pertains to the maximum number of minutes a device may remain inactive before auto-locking.

**NOTE: This entry refers to maximum auto-lock, consistent with the interface language, but iOS devices treat it as auto-lock at 2 minutes.**

Rationale:

Automatically locking the device after a short period of inactivity reduces the probability of an attacker accessing the device without entering a password.

Solution

1. Open Apple Configurator.
2. Open the Configuration Profile.
3. In the left windowpane, click on the 'Passcode' tab.
4. In the right windowpane, set the 'Maximum Auto-Lock' to '2'.
5. Deploy the Configuration Profile.

Impact:

This is not enforced during certain activities; such as watching movies.

See Also

https://workbench.cisecurity.org/files/1688