Information
The GNOME Display Manager is used for login session management. See the manual page gdm(1) for more information. By default, GNOME automatic login is defined in /etc/pam.d/gdm-autologin to allow users to access the system without a password.
Rationale:
As automatic logins are a known security risk for other than 'kiosk' types of systems, GNOME automatic login should be disabled in /etc/pam.d/gdm-autologin.
Solution
Comment out or remove all lines from /etc/pam.d/gdm-autologin:
# cp /etc/pam.d/gdm-autologin /etc/pam.d/gdm-autologin.orig
# awk '{ if ( $1 ~ /auth/ || $1 ~ /account/) $1 = '#'$1 } { print };' /etc/pam.d/gdm-autologin > /etc/pam.d/gdm-autologin.CIS
# cp /etc/pam.d/gdm-autologin.CIS /etc/pam.d/gdm-autologin