800-53|AC-11(1)

Title

PATTERN-HIDING DISPLAYS

Description

The information system conceals, via the session lock, information previously visible on the display with a publicly viewable image.

Supplemental

Publicly viewable images can include static or dynamic images, for example, patterns used with screen savers, photographic images, solid colors, clock, battery life indicator, or a blank screen, with the additional caveat that none of the images convey sensitive information.

Reference Item Details

Category: ACCESS CONTROL

Parent Title: SESSION LOCK

Family: ACCESS CONTROL

Baseline Impact: MODERATE,HIGH

Audit Items

View all Reference Audit Items

NamePluginAudit Name
1.2.6 Set 'exec-timeout' to less than or equal to 10 minutes for 'line aux 0'CiscoCIS Cisco IOS XE 16.x v2.1.0 L1
1.2.6 Set 'exec-timeout' to less than or equal to 10 minutes for 'line aux 0'CiscoCIS Cisco IOS XE 17.x v2.1.0 L1
1.2.7 Set 'exec-timeout' to less than or equal to 10 minutes 'line console 0'CiscoCIS Cisco IOS XE 16.x v2.1.0 L1
1.2.7 Set 'exec-timeout' to less than or equal to 10 minutes 'line console 0'CiscoCIS Cisco IOS XE 17.x v2.1.0 L1
1.2.8 Set 'exec-timeout' to less than or equal to 10 minutes 'line vty'CiscoCIS Cisco IOS XE 16.x v2.1.0 L1
1.2.8 Set 'exec-timeout' to less than or equal to 10 minutes 'line vty'CiscoCIS Cisco IOS XE 17.x v2.1.0 L1
1.2.9 Set 'transport input none' for 'line aux 0'CiscoCIS Cisco IOS XE 17.x v2.1.0 L1
1.2.9 Set 'transport input none' for 'line aux 0'CiscoCIS Cisco IOS XE 16.x v2.1.0 L1
1.2.11 Set 'exec-timeout' to less than or equal to 10 min on 'ip http'CiscoCIS Cisco IOS XE 17.x v2.1.0 L1
1.2.11 Set 'exec-timeout' to less than or equal to 10 min on 'ip http'CiscoCIS Cisco IOS XE 16.x v2.1.0 L1
1.3.2 Ensure 'Idle session timeout' is set to '3 hours (or less)' for unmanaged devicesmicrosoft_azureCIS Microsoft 365 Foundations E3 L1 v3.1.0
1.4.1 Ensure 'Idle timeout' is less than or equal to 10 minutes for device managementPalo_AltoCIS Palo Alto Firewall 10 v1.2.0 L1
1.4.1 Ensure 'Idle timeout' is less than or equal to 10 minutes for device managementPalo_AltoCIS Palo Alto Firewall 11 v1.1.0 L1
1.4.1 Ensure 'Idle timeout' is less than or equal to 10 minutes for device managementPalo_AltoCIS Palo Alto Firewall 9 v1.1.0 L1
1.4.2 Ensure 'Failed Attempts' and 'Lockout Time' for Authentication Profile are properly configuredPalo_AltoCIS Palo Alto Firewall 10 v1.2.0 L1
1.4.2 Ensure 'Failed Attempts' and 'Lockout Time' for Authentication Profile are properly configuredPalo_AltoCIS Palo Alto Firewall 11 v1.1.0 L1
1.7.4 Ensure GDM screen locks when the user is idleUnixCIS Ubuntu Linux 24.04 LTS v1.0.0 L1 Workstation
1.7.4 Ensure GDM screen locks when the user is idleUnixCIS Debian Linux 12 v1.1.0 L1 Server
1.7.4 Ensure GDM screen locks when the user is idleUnixCIS CentOS Linux 7 v4.0.0 L1 Workstation
1.7.4 Ensure GDM screen locks when the user is idleUnixCIS Ubuntu Linux 22.04 LTS v2.0.0 L1 Server
1.7.4 Ensure GDM screen locks when the user is idleUnixCIS Debian Linux 11 v2.0.0 L1 Server
1.7.4 Ensure GDM screen locks when the user is idleUnixCIS Ubuntu Linux 24.04 LTS v1.0.0 L1 Server
1.7.4 Ensure GDM screen locks when the user is idleUnixCIS Red Hat Enterprise Linux 7 v4.0.0 L1 Workstation
1.7.4 Ensure GDM screen locks when the user is idleUnixCIS CentOS Linux 7 v4.0.0 L1 Server
1.7.4 Ensure GDM screen locks when the user is idleUnixCIS Debian Linux 12 v1.1.0 L1 Workstation
1.7.4 Ensure GDM screen locks when the user is idleUnixCIS Oracle Linux 7 v4.0.0 L1 Server
1.7.4 Ensure GDM screen locks when the user is idleUnixCIS Oracle Linux 7 v4.0.0 L1 Workstation
1.7.4 Ensure GDM screen locks when the user is idleUnixCIS Red Hat Enterprise Linux 7 v4.0.0 L1 Server
1.7.4 Ensure GDM screen locks when the user is idleUnixCIS Debian Linux 11 v2.0.0 L1 Workstation
1.7.4 Ensure GDM screen locks when the user is idleUnixCIS Ubuntu Linux 22.04 LTS v2.0.0 L1 Workstation
1.7.5 Ensure GDM screen locks cannot be overriddenUnixCIS Debian Linux 11 v2.0.0 L1 Server
1.7.5 Ensure GDM screen locks cannot be overriddenUnixCIS Ubuntu Linux 22.04 LTS v2.0.0 L1 Server
1.7.5 Ensure GDM screen locks cannot be overriddenUnixCIS CentOS Linux 7 v4.0.0 L1 Server
1.7.5 Ensure GDM screen locks cannot be overriddenUnixCIS Red Hat Enterprise Linux 7 v4.0.0 L1 Server
1.7.5 Ensure GDM screen locks cannot be overriddenUnixCIS Red Hat Enterprise Linux 7 v4.0.0 L1 Workstation
1.7.5 Ensure GDM screen locks cannot be overriddenUnixCIS Oracle Linux 7 v4.0.0 L1 Server
1.7.5 Ensure GDM screen locks cannot be overriddenUnixCIS CentOS Linux 7 v4.0.0 L1 Workstation
1.7.5 Ensure GDM screen locks cannot be overriddenUnixCIS Debian Linux 11 v2.0.0 L1 Workstation
1.7.5 Ensure GDM screen locks cannot be overriddenUnixCIS Ubuntu Linux 24.04 LTS v1.0.0 L1 Server
1.7.5 Ensure GDM screen locks cannot be overriddenUnixCIS Ubuntu Linux 24.04 LTS v1.0.0 L1 Workstation
1.7.5 Ensure GDM screen locks cannot be overriddenUnixCIS Ubuntu Linux 22.04 LTS v2.0.0 L1 Workstation
1.7.5 Ensure GDM screen locks cannot be overriddenUnixCIS Debian Linux 12 v1.1.0 L1 Workstation
1.7.5 Ensure GDM screen locks cannot be overriddenUnixCIS Debian Linux 12 v1.1.0 L1 Server
1.7.5 Ensure GDM screen locks cannot be overriddenUnixCIS Oracle Linux 7 v4.0.0 L1 Workstation
1.8.1 Ensure 'console session timeout' is less than or equal to '5' minutesCiscoCIS Cisco ASA 9.x Firewall L1 v1.1.0
1.8.2 Ensure 'SSH session timeout' is less than or equal to '5' minutesCiscoCIS Cisco ASA 9.x Firewall L1 v1.1.0
1.8.3 Ensure 'HTTP idle timeout' is less than or equal to '5' minutesCiscoCIS Cisco ASA 9.x Firewall L1 v1.1.0
1.8.4 Ensure GDM screen locks when the user is idleUnixCIS Ubuntu Linux 20.04 LTS Workstation L1 v2.0.1
1.8.4 Ensure GDM screen locks when the user is idleUnixCIS Ubuntu Linux 18.04 LTS v2.2.0 L1 Workstation
1.8.4 Ensure GDM screen locks when the user is idleUnixCIS Rocky Linux 8 Server L1 v2.0.0