800-53|AC-11(1)

Title

PATTERN-HIDING DISPLAYS

Description

The information system conceals, via the session lock, information previously visible on the display with a publicly viewable image.

Supplemental

Publicly viewable images can include static or dynamic images, for example, patterns used with screen savers, photographic images, solid colors, clock, battery life indicator, or a blank screen, with the additional caveat that none of the images convey sensitive information.

Reference Item Details

Category: ACCESS CONTROL

Parent Title: SESSION LOCK

Family: ACCESS CONTROL

Baseline Impact: MODERATE,HIGH

Audit Items

View all Reference Audit Items

NamePluginAudit Name
1.2.6 Set 'exec-timeout' to less than or equal to 10 minutes for 'line aux 0'CiscoCIS Cisco IOS 17 L1 v2.0.0
1.2.6 Set 'exec-timeout' to less than or equal to 10 minutes for 'line aux 0'CiscoCIS Cisco IOS 16 L1 v2.0.0
1.2.7 Set 'exec-timeout' to less than or equal to 10 minutes 'line console 0'CiscoCIS Cisco IOS 16 L1 v2.0.0
1.2.7 Set 'exec-timeout' to less than or equal to 10 minutes 'line console 0'CiscoCIS Cisco IOS 17 L1 v2.0.0
1.2.8 Set 'exec-timeout' less than or equal to 10 minutes 'line tty'CiscoCIS Cisco IOS 16 L1 v2.0.0
1.2.8 Set 'exec-timeout' to less than or equal to 10 minutes 'line vty'CiscoCIS Cisco IOS 17 L1 v2.0.0
1.2.9 Set 'transport input none' for 'line aux 0'CiscoCIS Cisco IOS 17 L1 v2.0.0
1.2.9 Set 'transport input none' for 'line aux 0' - line aux 0CiscoCIS Cisco IOS 16 L1 v2.0.0
1.3.2 Ensure 'Idle session timeout' is set to '3 hours (or less)' for unmanaged devicesmicrosoft_azureCIS Microsoft 365 Foundations E3 L1 v3.0.0
1.3.10 Ensure 'Password Profiles' do not existPalo_AltoCIS Palo Alto Firewall 10 v1.1.0 L1
1.4.1 Ensure 'Idle timeout' is less than or equal to 10 minutes for device managementPalo_AltoCIS Palo Alto Firewall 9 v1.1.0 L1
1.4.1 Ensure 'Idle timeout' is less than or equal to 10 minutes for device managementPalo_AltoCIS Palo Alto Firewall 10 v1.1.0 L1
1.4.1 Ensure 'Idle timeout' is less than or equal to 10 minutes for device managementPalo_AltoCIS Palo Alto Firewall 11 v1.0.0 L1
1.8.4 Ensure GDM screen locks when the user is idleUnixCIS Rocky Linux 9 Workstation L1 v1.0.0
1.8.4 Ensure GDM screen locks when the user is idleUnixCIS Oracle Linux 9 Server L1 v1.0.0
1.8.4 Ensure GDM screen locks when the user is idleUnixCIS AlmaLinux OS 9 Server L1 v1.0.0
1.8.4 Ensure GDM screen locks when the user is idleUnixCIS Oracle Linux 9 Workstation L1 v1.0.0
1.8.4 Ensure GDM screen locks when the user is idleUnixCIS Ubuntu Linux 20.04 LTS Workstation L1 v2.0.1
1.8.4 Ensure GDM screen locks when the user is idleUnixCIS Ubuntu Linux 20.04 LTS Server L1 v2.0.1
1.8.4 Ensure GDM screen locks when the user is idleUnixCIS Oracle Linux 8 Server L1 v3.0.0
1.8.4 Ensure GDM screen locks when the user is idleUnixCIS AlmaLinux OS 8 Server L1 v3.0.0
1.8.4 Ensure GDM screen locks when the user is idleUnixCIS AlmaLinux OS 8 Workstation L1 v3.0.0
1.8.4 Ensure GDM screen locks when the user is idleUnixCIS Rocky Linux 8 Server L1 v2.0.0
1.8.4 Ensure GDM screen locks when the user is idleUnixCIS Red Hat EL8 Workstation L1 v3.0.0
1.8.4 Ensure GDM screen locks when the user is idleUnixCIS Red Hat EL9 Server L1 v1.0.0
1.8.4 Ensure GDM screen locks when the user is idleUnixCIS Red Hat EL9 Workstation L1 v1.0.0
1.8.4 Ensure GDM screen locks when the user is idleUnixCIS AlmaLinux OS 9 Workstation L1 v1.0.0
1.8.4 Ensure GDM screen locks when the user is idleUnixCIS Rocky Linux 9 Server L1 v1.0.0
1.8.4 Ensure GDM screen locks when the user is idleUnixCIS Debian 10 Server L1 v2.0.0
1.8.4 Ensure GDM screen locks when the user is idleUnixCIS Debian 10 Workstation L1 v2.0.0
1.8.4 Ensure GDM screen locks when the user is idleUnixCIS Rocky Linux 8 Workstation L1 v2.0.0
1.8.4 Ensure GDM screen locks when the user is idleUnixCIS Oracle Linux 8 Workstation L1 v3.0.0
1.8.4 Ensure GDM screen locks when the user is idleUnixCIS Red Hat EL8 Server L1 v3.0.0
1.8.4 Ensure GDM screen locks when the user is idle - idle-delayUnixCIS Debian Linux 11 Server L1 v1.0.0
1.8.4 Ensure GDM screen locks when the user is idle - idle-delayUnixCIS Ubuntu Linux 22.04 LTS Server L1 v1.0.0
1.8.4 Ensure GDM screen locks when the user is idle - idle-delayUnixCIS Debian Linux 11 Workstation L1 v1.0.0
1.8.4 Ensure GDM screen locks when the user is idle - idle-delayUnixCIS Ubuntu Linux 22.04 LTS Workstation L1 v1.0.0
1.8.4 Ensure GDM screen locks when the user is idle - lock-delayUnixCIS Ubuntu Linux 22.04 LTS Server L1 v1.0.0
1.8.4 Ensure GDM screen locks when the user is idle - lock-delayUnixCIS Debian Linux 11 Workstation L1 v1.0.0
1.8.4 Ensure GDM screen locks when the user is idle - lock-delayUnixCIS Debian Linux 11 Server L1 v1.0.0
1.8.4 Ensure GDM screen locks when the user is idle - lock-delayUnixCIS Ubuntu Linux 22.04 LTS Workstation L1 v1.0.0
1.8.5 Ensure GDM screen locks cannot be overriddenUnixCIS Rocky Linux 9 Workstation L1 v1.0.0
1.8.5 Ensure GDM screen locks cannot be overriddenUnixCIS Rocky Linux 9 Server L1 v1.0.0
1.8.5 Ensure GDM screen locks cannot be overriddenUnixCIS Oracle Linux 9 Workstation L1 v1.0.0
1.8.5 Ensure GDM screen locks cannot be overriddenUnixCIS Red Hat EL9 Workstation L1 v1.0.0
1.8.5 Ensure GDM screen locks cannot be overriddenUnixCIS Rocky Linux 8 Workstation L1 v2.0.0
1.8.5 Ensure GDM screen locks cannot be overriddenUnixCIS Oracle Linux 8 Server L1 v3.0.0
1.8.5 Ensure GDM screen locks cannot be overriddenUnixCIS Debian 10 Server L1 v2.0.0
1.8.5 Ensure GDM screen locks cannot be overriddenUnixCIS Debian 10 Workstation L1 v2.0.0
1.8.5 Ensure GDM screen locks cannot be overriddenUnixCIS Oracle Linux 8 Workstation L1 v3.0.0