Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-1122 | 5.006 | SV-25201r2_rule | PESL-1 | Medium |
Description |
---|
Unattended systems are susceptible to unauthorized use and must be locked when unattended. Enabling a password-protected screen saver to engage after a specified period of time helps protects critical and sensitive data from exposure to unauthorized personnel with physical access to the computer. |
STIG | Date |
---|---|
Windows 7 Security Technical Implementation Guide | 2015-09-02 |
Check Text ( C-62055r3_chk ) |
---|
If any of the registry values do not exist or are not configured as follows, this is a finding: Registry Hive: HKEY_CURRENT_USER Registry Path: \SOFTWARE\Policies\Microsoft\Windows\Control Panel\Desktop\ Value Name: ScreenSaveActive Value Type: REG_SZ Value: 1 Value Name: ScreenSaverIsSecure Value Type: REG_SZ Value: 1 Value Name: ScreenSaveTimeout Value Type: REG_SZ Value: 900 (or less) Applications requiring continuous, real-time screen display (e.g., network management products) require the following and must be documented with the ISSO. -The logon session does not have administrator rights. -The display station (e.g., keyboard, monitor, etc.) is located in a controlled access area. |
Fix Text (F-66953r1_fix) |
---|
Configure the policy values for User Configuration >> Administrative Templates >> Control Panel >> Personalization >> as follows: "Enable Screen Saver" to "Enabled". "Password protect the screen saver" to "Enabled". "Screen Saver timeout" to "Enabled: 900 seconds" (or less). |