Skip to content
Log In

CCI-000056

Retain the device lock until the user reestablishes access using established identification and authentication procedures.

Set GNOME3 Screensaver Lock Delay After Activation Period

4 rules found Severity: Medium

Logo

Enable GNOME3 Screensaver Lock After Idle Period

17 rules found Severity: Medium

Logo

Ensure Users Cannot Change GNOME3 Screensaver Lock After Idle Period

12 rules found Severity: Medium

Logo

Enable the GNOME3 Screen Locking On Smartcard Removal

9 rules found Severity: Medium

Logo

Install the tmux Package

11 rules found Severity: Medium

Logo

Support session locking with tmux

8 rules found Severity: Medium

Logo

Support session locking with tmux (not enforcing)

6 rules found Severity: Medium

Logo

Configure the tmux Lock Command

10 rules found Severity: Medium

Logo

Configure the tmux lock session key binding

9 rules found Severity: Low

Logo

Prevent user from disabling the screen lock

10 rules found Severity: Low

Logo

Check that vlock is installed to allow session locking

6 rules found Severity: Medium

Logo

Common Access Card (CAC)-based authentication must be enabled and enforced on the Tanium Server for all access and all accounts.

2 rules found Severity: Medium

Logo

Multi-factor authentication must be enabled and enforced on the Tanium Server for all access and all accounts.

1 rule found Severity: Medium

Logo

The macOS system must be configured to prevent Apple Watch from terminating a session lock.

2 rules found Severity: Medium

Logo

The macOS system must retain the session lock until the user reestablishes access using established identification and authentication procedures.

2 rules found Severity: Medium

Logo

The macOS system must initiate the session lock no more than five seconds after a screen saver is started.

2 rules found Severity: Medium

Logo

The Ubuntu operating system must retain a users session lock until that user reestablishes access using established identification and authentication procedures.

1 rule found Severity: Medium

Logo

The Red Hat Enterprise Linux operating system must enable a user session lock until that user re-establishes access using established identification and authentication procedures.

1 rule found Severity: Medium

Logo

The Ubuntu operating system must retain a user's session lock until that user reestablishes access using established identification and authentication procedures.

1 rule found Severity: Medium

Logo

AIX must provide the lock command to let users retain their session lock until users are reauthenticated.

1 rule found Severity: Medium

Logo

AIX must provide xlock command in the CDE environment to let users retain their sessions lock until users are reauthenticated.

1 rule found Severity: Medium

Logo

Windows 11 must be configured to prevent Windows apps from being activated by voice while the system is locked.

1 rule found Severity: Medium

Logo

The network device must retain the session lock until the administrator reestablishes access using established identification and authentication procedures.

1 rule found Severity: Medium

Logo

The Oracle Linux operating system must enable a user session lock until that user re-establishes access using established identification and authentication procedures.

1 rule found Severity: Medium

Logo

SLEM 5 must use vlock to allow for session locking.

1 rule found Severity: Medium

Logo

Multifactor authentication must be enabled and enforced on the Tanium Server for all access and all accounts.

2 rules found Severity: Medium

Logo

TOSS must retain a user's session lock until that user reestablishes access using established identification and authentication procedures.

1 rule found Severity: Medium

Logo

NixOS must provide the capability for users to directly initiate a session lock for all connection types.

1 rule found Severity: Medium

Logo

The macOS system must prevent Apple Watch from terminating a session lock.

2 rules found Severity: Medium

Logo

The macOS system must enforce screen saver password.

2 rules found Severity: Medium

Logo

The macOS system must enforce session lock no more than five seconds after screen saver is started.

2 rules found Severity: Medium

Logo

The macOS system must disable TouchID for unlocking the device.

2 rules found Severity: Medium

Logo

The ALG providing user access control intermediary services must retain the session lock until the user reestablishes access using established identification and authentication procedures.

1 rule found Severity: Medium

Logo

Ubuntu 22.04 LTS must retain a user's session lock until that user reestablishes access using established identification and authentication procedures.

1 rule found Severity: Medium

Logo

AlmaLinux OS 9 must be able to directly initiate a session lock for all connection types using smart card when the smart card is removed.

1 rule found Severity: Medium

Logo

AlmaLinux OS 9 must prevent a user from overriding the disabling of the graphical user smart card removal action.

1 rule found Severity: Medium

Logo

The operating system must retain a users session lock until that user reestablishes access using established identification and authentication procedures.

1 rule found Severity: Medium

Logo

IBM z/OS must employ a session manager to manage retaining a users session lock until that user reestablishes access using established identification and authentication procedures.

3 rules found Severity: Medium

Logo

The Mainframe Product must retain the session lock until the user reestablishes access using established identification and authentication procedures.

1 rule found Severity: Medium

Logo

Windows Server 2019 machine inactivity limit must be set to 15 minutes or less, locking the system with the screen saver.

1 rule found Severity: Medium

Logo

Windows 10 must be configured to prevent Windows apps from being activated by voice while the system is locked.

1 rule found Severity: Medium

Logo

Windows Server 2022 machine inactivity limit must be set to 15 minutes or less, locking the system with the screen saver.

1 rule found Severity: Medium

Logo

OL 8 must enable a user session lock until that user reestablishes access using established identification and authentication procedures for graphical user sessions.

1 rule found Severity: Medium

Logo

OL 8 must have the tmux package installed.

1 rule found Severity: Medium

Logo

OL 8 must enable a user session lock until that user re-establishes access using established identification and authentication procedures for command line sessions.

1 rule found Severity: Medium

Logo

OL 8 must ensure session control is automatically started at shell initialization.

1 rule found Severity: Medium

Logo

OL 8 must prevent users from disabling session control mechanisms.

1 rule found Severity: Low

Logo

OL 8 must enable a user session lock until that user reestablishes access using established identification and authentication procedures for command line sessions.

1 rule found Severity: Medium

Logo

OL 8 must be able to initiate directly a session lock for all connection types using smartcard when the smartcard is removed.

1 rule found Severity: Medium

Logo

RHEL 8 must enable a user session lock until that user re-establishes access using established identification and authentication procedures for graphical user sessions.

1 rule found Severity: Medium

Logo

RHEL 8 must be able to initiate directly a session lock for all connection types using smartcard when the smartcard is removed.

1 rule found Severity: Medium

Logo

RHEL 9 must be able to initiate directly a session lock for all connection types using smart card when the smart card is removed.

1 rule found Severity: Medium

Logo

RHEL 9 must prevent a user from overriding the disabling of the graphical user smart card removal action.

1 rule found Severity: Medium

Logo

RHEL 9 must enable a user session lock until that user re-establishes access using established identification and authentication procedures for graphical user sessions.

1 rule found Severity: Medium

Logo

RHEL 9 must prevent a user from overriding the screensaver lock-enabled setting for the graphical user interface.

1 rule found Severity: Medium

Logo

The SUSE operating system must be able to lock the graphical user interface (GUI).

2 rules found Severity: Medium

Logo

The SUSE operating system must utilize vlock to allow for session locking.

2 rules found Severity: Low

Logo

The system must require users to re-authenticate to unlock a graphical desktop environment.

2 rules found Severity: Medium

Logo

The VMM must retain the session lock until the user reestablishes access using established identification and authentication procedures.

1 rule found Severity: Medium

Logo

The MDM server must retain the session lock until the user reestablishes access using established identification and authentication procedures.

1 rule found Severity: Medium

Logo