5.006 - The system configuration is not set with a password-protected screen saver. - ScreenSaverIsSecure


The system should be locked when unattended. Unattended systems are susceptible to unauthorized use. The screen saver should be set at a maximum of 15 minutes and password protected. This protects critical and sensitive data from exposure to unauthorized personnel with physical access to the computer.


Configure The policy values for User Configuration -> Administrative Templates -> Control Panel -> Display as follows-

'Screen Saver' will be set to 'Enabled' ('Activate screen saver' on Windows 2000)

'Password protect the screen saver' will be set to 'Enabled'

'Screen Saver timeout' will be set to 'Enabled- 900 seconds' (or less)

See Also


Item Details


References: 800-53|AC-11(1), 800-53|AC-11a., 800-53|AC-11b., CAT|II, CCI|CCI-000056, CCI|CCI-000057, CCI|CCI-000060, Rule-ID|SV-29500r1_rule, STIG-ID|5.006, Vuln-ID|V-1122

Plugin: Windows

Control ID: d996fe09dcf3d21cc7d38caafda39082a6f394f953cc82c65799f0b439c39689