5.102 - This check verifies that Windows is configured to have password protection take effect within a limited time frame.

Information

Allowing more than several seconds makes the computer vulnerable to a potential attack from someone walking up to the console to attempt to log onto the system before the lock takes effect.

Solution

Configure the policy value for Computer Configuration -> Windows Settings -> Security Settings -> Local Policies -> Security Options -> 'MSS- (ScreenSaverGracePeriod) The time in seconds before the screen saver grace period expires (0 recommended)' to '5' or less.

See Also

http://iasecontent.disa.mil/stigs/zip/Oct2016/U_Windows_Vista_V6R41_STIG.zip

Item Details

Category: CONFIGURATION MANAGEMENT

References: 800-53|CM-6b., CAT|III, CCI|CCI-000366, Rule-ID|SV-29375r1_rule, STIG-ID|5.102, Vuln-ID|V-4442

Plugin: Windows

Control ID: 09ab4649187df080a2668c5f7a0ba2914ef20418fe31e26207bc92751ec73277