Information
The GNOME Display Manager is used for login session management. See the manual page gdm(1) for more information. By default, GNOME automatic login is defined in pam.conf(4) to allow users to access the system without a password.
As automatic logins are a known security risk for other than "kiosk" types of systems, GNOME automatic login should be disabled in pam.conf(4).
Solution
Perform the following to implement the recommended state:
# cd /etc
# awk '/^gdm-autologin/ { $1="#gdm-autologin" } { print }' /etc/pam.conf > /etc/pam.conf.CIS
# mv pam.conf.CIS pam.conf