800-53|AC-11b.

Title

SESSION LOCK

Description

Retains the session lock until the user reestablishes access using established identification and authentication procedures.

Reference Item Details

Category: ACCESS CONTROL

Family: ACCESS CONTROL

Audit Items

View all Reference Audit Items

NamePluginAudit Name
1.1.3.6.6 Set 'Interactive logon: Require Domain Controller authentication to unlock workstation' to 'Disabled'WindowsCIS Windows 8 L1 v1.0.0
1.8.6 Ensure GDM session lock is enabledUnixCIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
2.2.2.2 Ensure GNOME Screen Lock is Enabled.UnixCIS Amazon Linux 2 STIG v1.0.0 L3
2.3.7.7 Ensure 'Interactive logon: Smart card removal behavior' is set to 'Lock Workstation' or higherWindowsCIS Windows 7 Workstation Level 1 v3.2.0
2.3.7.7 Ensure 'Interactive logon: Smart card removal behavior' is set to 'Lock Workstation' or higherWindowsCIS Windows 7 Workstation Level 1 + Bitlocker v3.2.0
5.006 - The system configuration is not set with a password-protected screen saver. - ScreenSaveActiveWindowsDISA Windows Vista STIG v6r41
5.006 - The system configuration is not set with a password-protected screen saver. - ScreenSaverIsSecureWindowsDISA Windows Vista STIG v6r41
5.006 - The system configuration is not set with a password-protected screen saver. - ScreenSaveTimeOutWindowsDISA Windows Vista STIG v6r41
18.4.10 Ensure 'MSS: (ScreenSaverGracePeriod) The time in seconds before the screen saver grace period expires (0 recommended)' is set to 'Enabled: 5 or fewer seconds'WindowsCIS Windows 7 Workstation Level 1 + Bitlocker v3.2.0
18.4.10 Ensure 'MSS: (ScreenSaverGracePeriod) The time in seconds before the screen saver grace period expires (0 recommended)' is set to 'Enabled: 5 or fewer seconds'WindowsCIS Windows 7 Workstation Level 1 v3.2.0
AIX7-00-001028 - AIX must provide the lock command to let users retain their session lock until users are reauthenticated.UnixDISA STIG AIX 7.x v2r9
AIX7-00-001029 - AIX must provide xlock command in the CDE environment to let users retain their sessions lock until users are reauthenticated.UnixDISA STIG AIX 7.x v2r9
AOSX-13-000007 - The macOS system must be configured to prevent Apple Watch from terminating a session lock.UnixDISA STIG Apple Mac OSX 10.13 v2r5
AOSX-13-000020 - The macOS system must retain the session lock until the user reestablishes access using established identification and authentication procedures.UnixDISA STIG Apple Mac OSX 10.13 v2r5
AOSX-13-000025 - The macOS system must initiate the session lock no more than five seconds after a screen saver is started.UnixDISA STIG Apple Mac OSX 10.13 v2r5
AOSX-14-000001 - The macOS system must be configured to prevent Apple Watch from terminating a session lock.UnixDISA STIG Apple Mac OSX 10.14 v2r6
AOSX-14-000002 - The macOS system must retain the session lock until the user reestablishes access using established identification and authentication procedures.UnixDISA STIG Apple Mac OSX 10.14 v2r6
AOSX-14-000003 - The macOS system must initiate the session lock no more than five seconds after a screen saver is started.UnixDISA STIG Apple Mac OSX 10.14 v2r6
AOSX-15-000001 - The macOS system must be configured to prevent Apple Watch from terminating a session lock.UnixDISA STIG Apple Mac OSX 10.15 v1r10
AOSX-15-000002 - The macOS system must retain the session lock until the user reestablishes access using established identification and authentication procedures.UnixDISA STIG Apple Mac OSX 10.15 v1r10
AOSX-15-000003 - The macOS system must initiate the session lock no more than five seconds after a screen saver is started.UnixDISA STIG Apple Mac OSX 10.15 v1r10
APPL-11-000001 - The macOS system must be configured to prevent Apple Watch from terminating a session lock.UnixDISA STIG Apple macOS 11 v1r5
APPL-11-000001 - The macOS system must be configured to prevent Apple Watch from terminating a session lock.UnixDISA STIG Apple macOS 11 v1r8
APPL-11-000002 - The macOS system must retain the session lock until the user reestablishes access using established identification and authentication procedures.UnixDISA STIG Apple macOS 11 v1r5
APPL-11-000002 - The macOS system must retain the session lock until the user reestablishes access using established identification and authentication procedures.UnixDISA STIG Apple macOS 11 v1r8
APPL-11-000003 - The macOS system must initiate the session lock no more than five seconds after a screen saver is started.UnixDISA STIG Apple macOS 11 v1r5
APPL-11-000003 - The macOS system must initiate the session lock no more than five seconds after a screen saver is started.UnixDISA STIG Apple macOS 11 v1r8
APPL-12-000001 - The macOS system must be configured to prevent Apple Watch from terminating a session lock.UnixDISA STIG Apple macOS 12 v1r8
APPL-12-000002 - The macOS system must retain the session lock until the user reestablishes access using established identification and authentication procedures.UnixDISA STIG Apple macOS 12 v1r8
APPL-12-000003 - The macOS system must initiate the session lock no more than five seconds after a screen saver is started.UnixDISA STIG Apple macOS 12 v1r8
APPL-13-000001 - The macOS system must be configured to prevent Apple Watch from terminating a session lock.UnixDISA STIG Apple macOS 13 v1r3
APPL-13-000002 - The macOS system must retain the session lock until the user reestablishes access using established identification and authentication procedures.UnixDISA STIG Apple macOS 13 v1r3
APPL-13-000003 - The macOS system must initiate the session lock no more than five seconds after a screen saver is started.UnixDISA STIG Apple macOS 13 v1r3
Big Sur - Disable TouchID for Unlocking the DeviceUnixNIST macOS Big Sur v1.4.0 - 800-171
Big Sur - Disable TouchID for Unlocking the DeviceUnixNIST macOS Big Sur v1.4.0 - 800-53r4 Moderate
Big Sur - Disable TouchID for Unlocking the DeviceUnixNIST macOS Big Sur v1.4.0 - 800-53r5 Moderate
Big Sur - Disable TouchID for Unlocking the DeviceUnixNIST macOS Big Sur v1.4.0 - 800-53r5 High
Big Sur - Disable TouchID for Unlocking the DeviceUnixNIST macOS Big Sur v1.4.0 - CNSSI 1253
Big Sur - Disable TouchID for Unlocking the DeviceUnixNIST macOS Big Sur v1.4.0 - 800-53r4 High
Big Sur - Disable TouchID for Unlocking the DeviceUnixNIST macOS Big Sur v1.4.0 - All Profiles
Big Sur - Enforce Screen Saver PasswordUnixNIST macOS Big Sur v1.4.0 - 800-53r4 High
Big Sur - Enforce Screen Saver PasswordUnixNIST macOS Big Sur v1.4.0 - CNSSI 1253
Big Sur - Enforce Screen Saver PasswordUnixNIST macOS Big Sur v1.4.0 - 800-53r4 Moderate
Big Sur - Enforce Screen Saver PasswordUnixNIST macOS Big Sur v1.4.0 - All Profiles
Big Sur - Enforce Screen Saver PasswordUnixNIST macOS Big Sur v1.4.0 - 800-53r5 Moderate
Big Sur - Enforce Screen Saver PasswordUnixNIST macOS Big Sur v1.4.0 - 800-171
Big Sur - Enforce Screen Saver PasswordUnixNIST macOS Big Sur v1.4.0 - 800-53r5 High
Big Sur - Enforce Session Lock After Screen Saver is StartedUnixNIST macOS Big Sur v1.4.0 - 800-171
Big Sur - Enforce Session Lock After Screen Saver is StartedUnixNIST macOS Big Sur v1.4.0 - 800-53r4 High
Big Sur - Enforce Session Lock After Screen Saver is StartedUnixNIST macOS Big Sur v1.4.0 - All Profiles