4.10: Enforce Automatic Device Lockout on Portable End-User Devices
Threats Addressed:
Control is new to this version of the control set.
Control Statement
Enforce automatic device lockout following a predetermined threshold of local failed authentication attempts on portable end-user devices, where supported. For laptops, do not allow more than 20 failed authentication attempts; for tablets and smartphones, no more than 10 failed authentication attempts. Example implementations include Microsoft® Intune Device Lock and Apple® Configuration Profile maxFailedAttempts.
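One way to audit the Apple implementation named above is shown below as an added example; it is not part of the CIS control text or of any vendor tooling. It checks an unsigned configuration profile's `maxFailedAttempts` against the thresholds in the control statement, assuming the passcode payload type `com.apple.mobiledevice.passwordpolicy`; the `com.example.*` identifiers and the sample profile are constructed for illustration.

```python
import plistlib

# Thresholds taken from the control statement above.
MAX_ATTEMPTS = {"laptop": 20, "tablet": 10, "smartphone": 10}
# Assumption: Apple's passcode policy payload type (not named on this page).
PASSCODE_PAYLOAD = "com.apple.mobiledevice.passwordpolicy"


def check_profile(profile_bytes, device_class):
    """Return a list of findings; an empty list means the profile complies."""
    limit = MAX_ATTEMPTS[device_class]
    profile = plistlib.loads(profile_bytes)  # unsigned XML or binary plist only
    payloads = [p for p in profile.get("PayloadContent", [])
                if isinstance(p, dict) and p.get("PayloadType") == PASSCODE_PAYLOAD]
    if not payloads:
        return ["no passcode payload: lockout is not enforced by this profile"]
    findings = []
    for p in payloads:
        name = p.get("PayloadIdentifier", "<unnamed>")
        value = p.get("maxFailedAttempts")
        if value is None:
            # A passcode policy without the key leaves the threshold unmanaged.
            findings.append(f"{name}: maxFailedAttempts not set")
        elif isinstance(value, bool) or not isinstance(value, int) or value < 1:
            findings.append(f"{name}: maxFailedAttempts={value!r} is not a positive integer")
        elif value > limit:
            findings.append(f"{name}: maxFailedAttempts={value} exceeds {limit} for {device_class}")
    return findings


def build_sample(max_failed=None):
    """Constructed sample profile; all identifiers are hypothetical."""
    payload = {"PayloadType": PASSCODE_PAYLOAD, "PayloadVersion": 1,
               "PayloadIdentifier": "com.example.passcode", "forcePIN": True}
    if max_failed is not None:
        payload["maxFailedAttempts"] = max_failed
    return plistlib.dumps({"PayloadType": "Configuration", "PayloadVersion": 1,
                           "PayloadIdentifier": "com.example.profile",
                           "PayloadContent": [payload]})


if __name__ == "__main__":
    for cls, n in [("smartphone", 6), ("smartphone", 11), ("laptop", 11), ("tablet", None)]:
        print(cls, n, check_profile(build_sample(n), cls) or "compliant")
```

A signed profile is CMS-wrapped and must be unwrapped before it can be parsed this way.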
[csf.tools Note: For more information on the Critical Security Controls, visit the Center for Internet Security.]