The operating system must retain the session lock until the user reestablishes access using established identification and authentication procedures.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-29080 | SRG-OS-000028 | SV-37071r1_rule | Medium |
| Description |
|---|
| A session lock is a temporary action taken when a user stops work and moves away from the immediate physical vicinity of the system but does not want to log out because of the temporary nature of the absence. Once invoked, the session lock shall remain in place until the user re-authenticates. No other system activity aside from re-authentication can unlock the system. |
| STIG | Date |
|---|---|
| Operating System Security Requirements Guide | 2013-03-28 |
Details
| Check Text ( None ) |
|---|
| None |
| Fix Text (None) |
|---|
| None |