Configure PIN
Summary
Devices that connect to the mobile network must have a personal identification number (PIN) configured on the SIM card.
Description
Mobile devices contain sensitive personal and professional data. The SIM card contains identity information, by adding a PIN the device implements an additional layer of protection to prevent unauthorized access to this information.
Supported In
This requirement is verified in following services
Plan | Supported |
---|---|
Essential | 🔴 |
Advanced | 🟢 |
References
- OWASP TOP 10-A5. Security misconfiguration
- PA-DSS-1_1_3. Do not store personal identification number (PIN) or the encrypted PIN block
- CMMC-AC_L2-3_1_18. Mobile device connection
- CMMC-MP_L2-3_8_2. Media access
- CMMC-MP_L2-3_8_7. Removable media
- CMMC-PE_L1-3_10_5. Manage physical access
- CMMC-SC_L2-3_13_13. Mobile code
- HITRUST CSF-01_x. Mobile computing and communications
- HITRUST CSF-09_k. Controls against mobile code
- FedRAMP-MP-2. Media access
- ISO/IEC 27002-7_9. Security of assets off-premises
- ISO/IEC 27002-8_1. User endpoint devices
- ISA/IEC 62443-UC-2_3. Use control for portable and mobile devices
- ISA/IEC 62443-UC-2_4. Mobile code
- NIST 800-171-1_18. Control connection of mobile devices
- SWIFT CSCF-3_1. Physical security
- SIG Core-H_3_1_19. Access control
- SIG Core-M_1_25. End user device security
- ISO/IEC 27001-7_9. Security of assets off-premises
- ISO/IEC 27001-8_1. User endpoint devices
free trial
Search for vulnerabilities in your apps for free with Fluid Attacks' automated security testing! Start your 21-day free trial and discover the benefits of the Continuous Hacking Essential plan. If you prefer the Advanced plan, which includes the expertise of Fluid Attacks' hacking team, fill out this contact form.