5.006 - The system configuration is not set with a password-protected screen saver. - ScreenSaverIsSecure

Information

The system should be locked when unattended. Unattended systems are susceptible to unauthorized use. The screen saver should be set at a maximum of 15 minutes and password protected. This protects critical and sensitive data from exposure to unauthorized personnel with physical access to the computer.

Solution

Configure The policy values for User Configuration -> Administrative Templates -> Control Panel -> Display as follows-

'Screen Saver' will be set to 'Enabled' ('Activate screen saver' on Windows 2000)

'Password protect the screen saver' will be set to 'Enabled'

'Screen Saver timeout' will be set to 'Enabled- 900 seconds' (or less)

See Also

http://iasecontent.disa.mil/stigs/zip/Oct2016/U_Windows_Vista_V6R41_STIG.zip

Item Details

Category: ACCESS CONTROL

References: 800-53|AC-11(1), 800-53|AC-11a., 800-53|AC-11b., CAT|II, CCI|CCI-000056, CCI|CCI-000057, CCI|CCI-000060, Rule-ID|SV-29500r1_rule, STIG-ID|5.006, Vuln-ID|V-1122

Plugin: Windows

Control ID: d996fe09dcf3d21cc7d38caafda39082a6f394f953cc82c65799f0b439c39689