Capacity
CCI-000056
Retain the device lock until the user reestablishes access using established identification and authentication procedures.
12
Rule
Severity: Medium
Set GNOME3 Screensaver Lock Delay After Activation Period
15
Rule
Severity: Medium
Enable GNOME3 Screensaver Lock After Idle Period
11
Rule
Severity: Medium
Ensure Users Cannot Change GNOME3 Screensaver Lock After Idle Period
7
Rule
Severity: Medium
Enable the GNOME3 Screen Locking On Smartcard Removal
9
Rule
Severity: Medium
Install the tmux Package
8
Rule
Severity: Medium
Support session locking with tmux
3
Rule
Severity: Medium
Support session locking with tmux (not enforcing)
8
Rule
Severity: Medium
Configure the tmux Lock Command
4
Rule
Severity: Low
Configure the tmux lock session key binding
8
Rule
Severity: Low
Prevent user from disabling the screen lock
4
Rule
Severity: Medium
Check that vlock is installed to allow session locking
2
Rule
Severity: Medium
The ALG providing user access control intermediary services must retain the session lock until the user reestablishes access using established identification and authentication procedures.
2
Rule
Severity: Medium
The Mainframe Product must retain the session lock until the user reestablishes access using established identification and authentication procedures.
2
Rule
Severity: Medium
The network device must retain the session lock until the administrator reestablishes access using established identification and authentication procedures.
2
Rule
Severity: Medium
Common Access Card (CAC)-based authentication must be enabled and enforced on the Tanium Server for all access and all accounts.
3
Rule
Severity: Medium
Multifactor authentication must be enabled and enforced on the Tanium Server for all access and all accounts.
1
Rule
Severity: Medium
Multi-factor authentication must be enabled and enforced on the Tanium Server for all access and all accounts.
2
Rule
Severity: Medium
The MDM server must retain the session lock until the user reestablishes access using established identification and authentication procedures.
4
Rule
Severity: Medium
The macOS system must be configured to prevent Apple Watch from terminating a session lock.
4
Rule
Severity: Medium
The macOS system must retain the session lock until the user reestablishes access using established identification and authentication procedures.
4
Rule
Severity: Medium
The macOS system must initiate the session lock no more than five seconds after a screen saver is started.
3
Rule
Severity: Medium
The macOS system must enforce screen saver password.
3
Rule
Severity: Medium
The macOS system must enforce session lock no more than five seconds after screen saver is started.
3
Rule
Severity: Medium
The macOS system must disable TouchID for unlocking the device.
1
Rule
Severity: Medium
The Ubuntu operating system must retain a users session lock until that user reestablishes access using established identification and authentication procedures.
2
Rule
Severity: Medium
The Ubuntu operating system must retain a user's session lock until that user reestablishes access using established identification and authentication procedures.
2
Rule
Severity: Medium
The operating system must retain a users session lock until that user reestablishes access using established identification and authentication procedures.
2
Rule
Severity: Medium
AIX must provide the lock command to let users retain their session lock until users are reauthenticated.
2
Rule
Severity: Medium
AIX must provide xlock command in the CDE environment to let users retain their sessions lock until users are reauthenticated.
6
Rule
Severity: Medium
IBM z/OS must employ a session manager to manage retaining a users session lock until that user reestablishes access using established identification and authentication procedures.
2
Rule
Severity: Medium
Windows 10 must be configured to prevent Windows apps from being activated by voice while the system is locked.
2
Rule
Severity: Medium
Windows 11 must be configured to prevent Windows apps from being activated by voice while the system is locked.
2
Rule
Severity: Medium
Windows Server 2019 machine inactivity limit must be set to 15 minutes or less, locking the system with the screen saver.
2
Rule
Severity: Medium
Windows Server 2022 machine inactivity limit must be set to 15 minutes or less, locking the system with the screen saver.
2
Rule
Severity: Medium
The Oracle Linux operating system must enable a user session lock until that user re-establishes access using established identification and authentication procedures.
2
Rule
Severity: Medium
OL 8 must enable a user session lock until that user reestablishes access using established identification and authentication procedures for graphical user sessions.
2
Rule
Severity: Medium
OL 8 must have the tmux package installed.
2
Rule
Severity: Medium
OL 8 must enable a user session lock until that user re-establishes access using established identification and authentication procedures for command line sessions.
2
Rule
Severity: Medium
OL 8 must ensure session control is automatically started at shell initialization.
2
Rule
Severity: Low
OL 8 must prevent users from disabling session control mechanisms.
2
Rule
Severity: Medium
OL 8 must enable a user session lock until that user reestablishes access using established identification and authentication procedures for command line sessions.
2
Rule
Severity: Medium
OL 8 must be able to initiate directly a session lock for all connection types using smartcard when the smartcard is removed.
1
Rule
Severity: Medium
The Red Hat Enterprise Linux operating system must enable a user session lock until that user re-establishes access using established identification and authentication procedures.
2
Rule
Severity: Medium
RHEL 8 must enable a user session lock until that user re-establishes access using established identification and authentication procedures for graphical user sessions.
1
Rule
Severity: Medium
RHEL 8 must enable a user session lock until that user re-establishes access using established identification and authentication procedures for command line sessions.
1
Rule
Severity: Medium
RHEL 8 must ensure session control is automatically started at shell initialization.
1
Rule
Severity: Low
RHEL 8 must prevent users from disabling session control mechanisms.
2
Rule
Severity: Medium
RHEL 8 must be able to initiate directly a session lock for all connection types using smartcard when the smartcard is removed.
4
Rule
Severity: Medium
The SUSE operating system must be able to lock the graphical user interface (GUI).
4
Rule
Severity: Low
The SUSE operating system must utilize vlock to allow for session locking.
1
Rule
Severity: Medium
RHEL 8 must have the tmux package installed.
2
Rule
Severity: Medium
RHEL 9 must be able to initiate directly a session lock for all connection types using smart card when the smart card is removed.
2
Rule
Severity: Medium
RHEL 9 must prevent a user from overriding the disabling of the graphical user smart card removal action.
2
Rule
Severity: Medium
RHEL 9 must enable a user session lock until that user re-establishes access using established identification and authentication procedures for graphical user sessions.
2
Rule
Severity: Medium
RHEL 9 must prevent a user from overriding the screensaver lock-enabled setting for the graphical user interface.
1
Rule
Severity: Medium
RHEL 9 must have the tmux package installed.
1
Rule
Severity: Medium
RHEL 9 must ensure session control is automatically started at shell initialization.
1
Rule
Severity: Medium
RHEL 9 must enable a user session lock until that user re-establishes access using established identification and authentication procedures for command line sessions.
1
Rule
Severity: Low
RHEL 9 must prevent users from disabling session control mechanisms.
4
Rule
Severity: Medium
The system must require users to re-authenticate to unlock a graphical desktop environment.
2
Rule
Severity: Medium
The VMM must retain the session lock until the user reestablishes access using established identification and authentication procedures.
1
Rule
Severity: Medium
The macOS system must prevent Apple Watch from terminating a session lock.
1
Rule
Severity: Medium
Ubuntu 22.04 LTS must retain a user's session lock until that user reestablishes access using established identification and authentication procedures.
1
Rule
Severity: Medium
SLEM 5 must use vlock to allow for session locking.
1
Rule
Severity: Medium
TOSS must retain a user's session lock until that user reestablishes access using established identification and authentication procedures.
Patternfly
PatternFly elements
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.
Modules