CSCv6|16.5

Title

Configure screen locks on systems to limit access to unattended workstations.

Description

Configure screen locks on systems to limit access to unattended workstations.

Reference Item Details

Category: Account Monitoring and Control

Family: Application

Audit Items

View all Reference Audit Items

NamePluginAudit Name
1.1.1 (L1) Ensure 'Enforce password history' is set to '24 or more password(s)'WindowsCIS Microsoft Windows 8.1 v2.4.1 L1 Bitlocker
1.1.1 Ensure 'Enforce password history' is set to '24 or more password(s)'WindowsCIS Windows 7 Workstation Level 1 + Bitlocker v3.2.0
1.1.1 Ensure 'Enforce password history' is set to '24 or more password(s)'WindowsCIS Windows 7 Workstation Level 1 v3.2.0
1.1.1.4 Set 'Minimum password length' to '14 or more character(s)'WindowsCIS Windows 8 L1 v1.0.0
1.1.1.5 Set 'Enforce password history' to '24 or more password(s)'WindowsCIS Windows 8 L1 v1.0.0
1.1.1.7 Set 'Store passwords using reversible encryption' to 'Disabled'WindowsCIS Windows 8 L1 v1.0.0
1.1.1.8 Set 'Minimum password age' to '1 or more day(s)'WindowsCIS Windows 8 L1 v1.0.0
1.1.1.9 Set 'Maximum password age' to '60 or fewer days'WindowsCIS Windows 8 L1 v1.0.0
1.1.2 (L1) Ensure 'Maximum password age' is set to '60 or fewer days, but not 0'WindowsCIS Microsoft Windows 8.1 v2.4.1 L1 Bitlocker
1.1.2 Ensure 'Maximum password age' is set to '60 or fewer days, but not 0'WindowsCIS Windows 7 Workstation Level 1 v3.2.0
1.1.2 Ensure 'Maximum password age' is set to '60 or fewer days, but not 0'WindowsCIS Windows 7 Workstation Level 1 + Bitlocker v3.2.0
1.1.3 (L1) Ensure 'Minimum password age' is set to '1 or more day(s)'WindowsCIS Microsoft Windows 8.1 v2.4.1 L1 Bitlocker
1.1.3 Ensure 'Minimum password age' is set to '1 or more day(s)'WindowsCIS Windows 7 Workstation Level 1 + Bitlocker v3.2.0
1.1.3 Ensure 'Minimum password age' is set to '1 or more day(s)'WindowsCIS Windows 7 Workstation Level 1 v3.2.0
1.1.3.6.2 Set 'Interactive logon: Smart card removal behavior' to 'Lock Workstation'WindowsCIS Windows 8 L1 v1.0.0
1.1.3.6.10 Set 'Interactive logon: Machine inactivity limit' to '900 or fewer seconds'WindowsCIS Windows 8 L1 v1.0.0
1.1.3.9.14 Set 'MSS: (ScreenSaverGracePeriod) The time in seconds before the screen saver grace period expires (0 recommended)' to '0'WindowsCIS Windows 8 L1 v1.0.0
1.1.4 - AirWatch - Set 'timeout in minutes' for 'Sleep'MDMAirWatch - CIS Google Android 4 v1.0.0 L1
1.1.4 - AirWatch - Set Auto-lock - 'Inactivity Timeout <= 2'MDMAirWatch - CIS Apple iOS 8 v1.0.0 L1
1.1.4 - AirWatch - Set Auto-lock - 'Inactivity Timeout <= 2'MDMAirWatch - CIS Apple iOS 9 v1.0.0 L1
1.1.4 - MobileIron - Set 'timeout in minutes' for 'Sleep'MDMMobileIron - CIS Google Android 4 v1.0.0 L1
1.1.4 - MobileIron - Set Auto-lock - 'Inactivity Timeout <= 2'MDMMobileIron - CIS Apple iOS 9 v1.0.0 L1
1.1.4 - MobileIron - Set Auto-lock - 'Inactivity Timeout <= 2'MDMMobileIron - CIS Apple iOS 8 v1.0.0 L1
1.1.4 (L1) Ensure 'Minimum password length' is set to '14 or more character(s)'WindowsCIS Microsoft Windows 8.1 v2.4.1 L1 Bitlocker
1.1.4 Ensure 'Minimum password length' is set to '14 or more character(s)'WindowsCIS Windows 7 Workstation Level 1 + Bitlocker v3.2.0
1.1.4 Ensure 'Minimum password length' is set to '14 or more character(s)'WindowsCIS Windows 7 Workstation Level 1 v3.2.0
1.1.6 (L1) Ensure 'Store passwords using reversible encryption' is set to 'Disabled'WindowsCIS Microsoft Windows 8.1 v2.4.1 L1 Bitlocker
1.1.6 Ensure 'Store passwords using reversible encryption' is set to 'Disabled'WindowsCIS Windows 7 Workstation Level 1 + Bitlocker v3.2.0
1.1.6 Ensure 'Store passwords using reversible encryption' is set to 'Disabled'WindowsCIS Windows 7 Workstation Level 1 v3.2.0
1.2 Ensure 'Screen Lock' is set to 'Enabled'MDMMobileIron - CIS Google Android v1.3.0 L1
1.2 Ensure 'Screen Lock' is set to 'Enabled'MDMAirWatch - CIS Google Android v1.3.0 L1
1.2.1 Ensure Idle Timeout for Login Sessions is set to 5 minutes - console exec-timeoutCiscoCIS Cisco NX-OS L2 v1.0.0
1.2.1 Ensure Idle Timeout for Login Sessions is set to 5 minutes - console exec-timeoutCiscoCIS Cisco NX-OS L1 v1.0.0
1.2.1 Ensure Idle Timeout for Login Sessions is set to 5 minutes - ssh idle-timeoutCiscoCIS Cisco NX-OS L2 v1.0.0
1.2.1 Ensure Idle Timeout for Login Sessions is set to 5 minutes - ssh idle-timeoutCiscoCIS Cisco NX-OS L1 v1.0.0
1.2.3.2.1 Set 'Turn on PIN sign-in' to 'Disabled'WindowsCIS Windows 8 L1 v1.0.0
1.2.3.2.5 Configure 'Turn off app notifications on the lock screen'WindowsCIS Windows 8 L1 v1.0.0
1.2.3.3.1 Configure 'Turn Off the Display (seconds):'WindowsCIS Windows 8 L1 v1.0.0
1.2.3.3.2 Configure 'Turn Off the Display (seconds):'WindowsCIS Windows 8 L1 v1.0.0
1.2.3.3.3 Set 'Require a Password When a Computer Wakes (Plugged In)' to 'Enabled'WindowsCIS Windows 8 L1 v1.0.0
1.2.3.3.4 Set 'Require a Password When a Computer Wakes (On Battery)' to 'Enabled'WindowsCIS Windows 8 L1 v1.0.0
1.2.4.2.9 Set 'Allow Standby States (S1-S3) When Sleeping (On Battery)' to 'Disabled'WindowsCIS Windows 8 L1 v1.0.0
1.2.4.2.10 Set 'Allow Standby States (S1-S3) When Sleeping (Plugged In)' to 'Disabled'WindowsCIS Windows 8 L1 v1.0.0
1.12 Ensure 'Smart Lock' is set to 'Disabled'MDMMobileIron - CIS Google Android v1.3.0 L2
1.12 Ensure 'Smart Lock' is set to 'Disabled'MDMAirWatch - CIS Google Android v1.3.0 L2
1.20 Ensure 'Ask for unlock pattern/PIN/password before unpinning' is set to 'Enabled'MDMAirWatch - CIS Google Android v1.3.0 L1
1.20 Ensure 'Ask for unlock pattern/PIN/password before unpinning' is set to 'Enabled'MDMMobileIron - CIS Google Android v1.3.0 L1
1.21 Ensure 'Screen timeout' is set to '1 minute or less'MDMMobileIron - CIS Google Android v1.3.0 L1
1.24 Ensure 'Add users from lock screen' is set to 'Disabled'MDMAirWatch - CIS Google Android v1.3.0 L1
1.24 Ensure 'Add users from lock screen' is set to 'Disabled'MDMMobileIron - CIS Google Android v1.3.0 L1