3.1.5 - MobileIron - Set the 'timeout' for 'Time without user input before password must be re-entered (in minutes)'


This control defines the number of minutes the device can be inactive before requiring the password be reentered. By default, if a passcode is defined, an iOS device will automatically lock after two minutes of inactivity, and the default Exchange ActiveSync policy setting applied for users not assigned to a mailbox policy sets an inactivity lock at 15 minutes. The recommended setting is 2 minutes or less.


From the MobileIron console, open the Policies and Configs -> Policies view. Under the Security Policy verify that Maximum Inactivity Timeout is set to 2 or less.

See Also


Item Details


References: 800-53|AC-11, CSCv6|16.5

Plugin: MDM

Control ID: 1b2180ba50135b36c96179f6b93b021ab61051cff1f1385b7223b6d9b1a0d169