Changes are coming to https://stigviewer.com.
Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey
The system must be configured with a password-protected screen saver.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-1122 | 5.006 | SV-25201r2_rule | PESL-1 | Medium |
| Description |
|---|
| Unattended systems are susceptible to unauthorized use and must be locked when unattended. Enabling a password-protected screen saver to engage after a specified period of time helps protects critical and sensitive data from exposure to unauthorized personnel with physical access to the computer. |
| STIG | Date |
|---|---|
| Windows 7 Security Technical Implementation Guide | 2015-09-02 |
Details
| Check Text ( C-62055r3_chk ) |
|---|
| If any of the registry values do not exist or are not configured as follows, this is a finding: Registry Hive: HKEY_CURRENT_USER Registry Path: \SOFTWARE\Policies\Microsoft\Windows\Control Panel\Desktop\ Value Name: ScreenSaveActive Value Type: REG_SZ Value: 1 Value Name: ScreenSaverIsSecure Value Type: REG_SZ Value: 1 Value Name: ScreenSaveTimeout Value Type: REG_SZ Value: 900 (or less) Applications requiring continuous, real-time screen display (e.g., network management products) require the following and must be documented with the ISSO. -The logon session does not have administrator rights. -The display station (e.g., keyboard, monitor, etc.) is located in a controlled access area. |
| Fix Text (F-66953r1_fix) |
|---|
| Configure the policy values for User Configuration >> Administrative Templates >> Control Panel >> Personalization >> as follows: "Enable Screen Saver" to "Enabled". "Password protect the screen saver" to "Enabled". "Screen Saver timeout" to "Enabled: 900 seconds" (or less). |