3.1.6 - MobileIron - Limit the 'Number of failed attempts allowed'


If the password setting is enabled then this control defines the number of failed login attempts before all information stored on the device is deleted and the device is automatically reset to original factory settings. The default Exchange ActiveSync policy setting applied for users not assigned to a mailbox policy configures the device to erase data after four (4) failed password attempts, if a password is configured on the device. The recommended setting is 6 or less failed attempts.


From the MobileIron console, open the Policies and Configs -> Policies view. Under the Security Policy verify that Maximum Number of Failed Attempts is set to 6 or less.

See Also


Item Details


References: 800-53|AC-7(2)

Plugin: MDM

Control ID: 793e4388b6e92ff9bf71d29b25e8df311265fd7b61057d8c249b6228caabe680