
The system configuration is not set with a password-protected screen saver.


Overview

Finding ID: V-1122
Version: 5.006
Rule ID: SV-25201r1_rule
IA Controls: PESL-1
Severity: Medium
Description
The system should be locked when unattended. Unattended systems are susceptible to unauthorized use. The screen saver should be set at a maximum of 15 minutes and be password-protected. This protects critical and sensitive data from exposure to unauthorized personnel with physical access to the computer.
STIG: Windows 7 Security Technical Implementation Guide
Date: 2014-04-02

Details

Check Text (C-518r1_chk)
If any of the following registry values do not exist or are not configured as follows, then this is a finding:

Registry Hive: HKEY_CURRENT_USER
Subkey: \Software\Policies\Microsoft\Windows\Control Panel\Desktop\

Value Name: ScreenSaveActive
Type: REG_SZ
Value: 1

Value Name: ScreenSaverIsSecure
Type: REG_SZ
Value: 1

Value Name: ScreenSaveTimeOut
Type: REG_SZ
Value: 900 (or less)

Documentable Explanation: Terminal servers and applications requiring continuous, real-time screen display (i.e., network management products) require the following and need to be documented with the IAO.

- The logon session does not have administrator rights.
- The display station (i.e., keyboard, monitor, etc.) is located in a controlled access area.

Fix Text (F-22916r1_fix)
Windows 7 - Configure the policy values under User Configuration -> Administrative Templates -> Control Panel -> Personalization as follows:

“Enable Screen Saver” will be set to “Enabled”.
“Password protect the screen saver” will be set to “Enabled”.
“Screen Saver timeout” will be set to “Enabled: 900 seconds” (or less).
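
The Check Text above, scripted as an added PowerShell example (not part of the STIG or of this page's original content); the function name `Test-ScreenSaverPolicy` and its output fields are assumptions made for illustration. It reports a finding for any value that is missing, is not REG_SZ, or does not hold the required data, and it does not evaluate the Documentable Explanation conditions.

```powershell
# Added example: evaluates the three policy values from the Check Text.
# Function name, parameters and output fields are illustrative assumptions.
function Test-ScreenSaverPolicy {
    param(
        [string]$Path = 'HKCU:\Software\Policies\Microsoft\Windows\Control Panel\Desktop',
        [int]$MaxTimeoutSeconds = 900
    )

    # A missing policy key means every value below is missing.
    $key = Get-Item -LiteralPath $Path -ErrorAction SilentlyContinue

    foreach ($name in 'ScreenSaveActive', 'ScreenSaverIsSecure', 'ScreenSaveTimeOut') {
        $value = $null
        $kind  = $null
        if ($key -and ($key.GetValueNames() -contains $name)) {
            $value = $key.GetValue($name)
            $kind  = $key.GetValueKind($name)
        }

        $compliant = $false
        # The check requires REG_SZ, so any other type is treated as a finding.
        if ($kind -eq [Microsoft.Win32.RegistryValueKind]::String) {
            if ($name -eq 'ScreenSaveTimeOut') {
                # REG_SZ holds text: parse it before comparing against the limit.
                $seconds = 0
                $compliant = [int]::TryParse($value, [ref]$seconds) -and
                             ($seconds -le $MaxTimeoutSeconds)
            } else {
                $compliant = ($value -eq '1')
            }
        }

        New-Object PSObject -Property @{
            ValueName = $name
            Type      = $kind
            Value     = $value
            Finding   = -not $compliant
        } | Select-Object ValueName, Type, Value, Finding
    }
}

$results = @(Test-ScreenSaverPolicy)
$results | Format-Table -AutoSize
if ($results | Where-Object { $_.Finding }) {
    'V-1122: finding'
} else {
    'V-1122: not a finding'
}
```

Because the values live under HKEY_CURRENT_USER, the script reflects only the account it runs as; run it in the session of each user being assessed.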