3.1.5 - MobileIron - Set the 'timeout' for 'Time without user input before password must be re-entered (in minutes)'

Information

This control defines the number of minutes the device can be inactive before requiring the password be reentered. By default, if a passcode is defined, an iOS device will automatically lock after two minutes of inactivity, and the default Exchange ActiveSync policy setting applied for users not assigned to a mailbox policy sets an inactivity lock at 15 minutes. The recommended setting is 2 minutes or less.

Solution

From the MobileIron console, open the Policies and Configs -> Policies view. Under the Security Policy verify that Maximum Inactivity Timeout is set to 2 or less.

See Also

https://workbench.cisecurity.org/files/1678

Item Details

Category: ACCESS CONTROL

References: 800-53|AC-11, CSCv6|16.5

Plugin: MDM

Control ID: 1b2180ba50135b36c96179f6b93b021ab61051cff1f1385b7223b6d9b1a0d169