CCI-002240

Defines the purging or wiping requirements and techniques to be used on organization-defined mobile devices after an organization-defined number of consecutive, unsuccessful device logon attempts.

Implementation Guidance

Determine if information is purged or wiped from [AC-07(02)_ODP[01]; mobile devices to be purged or wiped of information are defined] based on [AC-07(02)_ODP[02]; purging or wiping requirements and techniques to be used when mobile devices are purged or wiped of information are defined] after [AC-07(02)_ODP[03]; the number of consecutive, unsuccessful logon attempts before the information is purged or wiped from mobile devices is defined] consecutive, unsuccessful device logon attempts.

Validation Procedures

Examine: [SELECT FROM: Access control policy; procedures addressing unsuccessful logon attempts on mobile devices; system design documentation; system configuration settings and associated documentation; list of mobile devices to be purged/wiped after organization-defined consecutive, unsuccessful device logon attempts; list of purging/wiping requirements or techniques for mobile devices; system audit records; system security plan; other relevant documents or records]. Interview: [SELECT FROM: System/network administrators; organizational personnel with information security responsibilities]. Test: [SELECT FROM: Mechanisms implementing access control policy for unsuccessful device logon attempts].

The controls below (if any) were marked by NIST as being related to CCI-002240.