205 – Configure PIN

Summary

Devices that connect to the mobile network must have a personal identification number (PIN) configured on the SIM card.

Description

Mobile devices contain sensitive personal and professional data. The SIM card contains identity information, by adding a PIN the device implements an additional layer of protection to prevent unauthorized access to this information.

Supported In

Advanced: True

References

• OWASP10-A5. Security misconfiguration
• PADSS-1_1_3. Do not store personal identification number (PIN) or the encrypted PIN block
• CMMC-AC_L2-3_1_18. Mobile device connection
• CMMC-MP_L2-3_8_2. Media access
• CMMC-MP_L2-3_8_7. Removable media
• CMMC-PE_L1-3_10_5. Manage physical access
• CMMC-SC_L2-3_13_13. Mobile code
• HITRUST-01_x. Mobile computing and communications
• HITRUST-09_k. Controls against mobile code
• FEDRAMP-MP-2. Media access
• ISO27002-7_9. Security of assets off-premises
• ISO27002-8_1. User endpoint devices
• IEC62443-UC-2_3. Use control for portable and mobile devices
• IEC62443-UC-2_4. Mobile code
• NIST800171-1_18. Control connection of mobile devices
• SWIFTCSC-3_1. Physical security
• SIG-H_3_1_19. Access control
• SIG-M_1_25. End user device security
• ISO27001-7_9. Security of assets off-premises
• ISO27001-8_1. User endpoint devices

Last updated

2024/01/18