2.3.3 Verify Display Sleep is set to a value larger than the Screen Saver

Information

If the Screen Saver is used to lock the screen, verify the Display Sleep settings are longer than the Screen Saver setting. If the display goes to sleep before the screen saver activates, the computer will appear to be off, but will be unprotected. Users of the system can easily assume that the computer is protected when the display goes to sleep. The computer should be configured so that the screen is locked whenever the display turns off automatically.

Solution

In System Preferences: Energy Saver, drag the slider for "Put the display(s) to sleep..." to a reasonable number, but longer than the screen saver setting. The Mac will display a warning if the number is too short. Alternatively, use the following command: sudo pmset -c displaysleep 0 Note: The -c flag means "wall power." Different settings must be used for other power sources. Impact: If the display sleeps before the screensaver is active the computer may be unlocked and available for an unauthorized user.

See Also

https://workbench.cisecurity.org/files/299

Item Details

Category: ACCESS CONTROL

References: 800-53|AC-11

Plugin: Unix

Control ID: 532ebcf81eff026115b259a3008986dad3f13058de1ff27a3679cb5578799e3c