UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The system configuration is not set with a password-protected screen saver.


Overview

Finding ID Version Rule ID IA Controls Severity
V-1122 5.006 SV-29501r1_rule Medium
Description
The system should be locked when unattended. Unattended systems are susceptible to unauthorized use. The screen saver should be set at a maximum of 15 minutes and password protected. This protects critical and sensitive data from exposure to unauthorized personnel with physical access to the computer.
STIG Date
Windows 2008 Domain Controller Security Technical Implementation Guide 2016-12-15

Details

Check Text ( C-518r1_chk )
If the any of the registry values don’t exist or are not configured as follows, then this is a finding:

Registry Hive: HKEY_CURRENT_USER
Subkey: \Software\Policies\Microsoft\Windows\Control Panel\Desktop\

Value Name: ScreenSaveActive
Type: REG_SZ
Value: 1

Value Name: ScreenSaverIsSecure
Type: REG_SZ
Value: 1

Value Name: ScreenSaveTimeOut
Type: REG_SZ
Value: 900 (or less)

Documentable Explanation: Terminal servers and applications requiring continuous, real-time screen display (i.e., network management products) require the following and need to be documented with the IAO.

-The logon session does not have administrator rights.
-The display station (i.e., keyboard, monitor, etc.) is located in a controlled access area.
Fix Text (F-5816r1_fix)
Configure The policy values for User Configuration -> Administrative Templates -> Control Panel -> Display as follows:

“Screen Saver” will be set to “Enabled” (“Activate screen saver” on Windows 2000)

“Password protect the screen saver” will be set to “Enabled”

“Screen Saver timeout” will be set to “Enabled: 900 seconds” (or less)