Capacity
CCI-000057
The information system initiates a session lock after the organization-defined time period of inactivity.
13
Rule
Severity: Medium
Enable GNOME3 Screensaver Idle Activation
10
Rule
Severity: Medium
Ensure Users Cannot Change GNOME3 Screensaver Idle Activation
13
Rule
Severity: Medium
Set GNOME3 Screensaver Inactivity Timeout
12
Rule
Severity: Medium
Set GNOME3 Screensaver Lock Delay After Activation Period
11
Rule
Severity: Medium
Ensure Users Cannot Change GNOME3 Screensaver Lock After Idle Period
11
Rule
Severity: Medium
Ensure Users Cannot Change GNOME3 Screensaver Settings
13
Rule
Severity: Medium
Ensure Users Cannot Change GNOME3 Session Idle Settings
23
Rule
Severity: Medium
Set Interactive Session Timeout
5
Rule
Severity: Medium
Install the screen Package
8
Rule
Severity: Medium
Configure tmux to lock session after inactivity
1
Rule
Severity: Medium
Compliance Guardian must initiate a session timeout after a 15-minute period of inactivity.
1
Rule
Severity: Medium
The Akamai Luna Portal must initiate a session logoff after a 15-minute period of inactivity.
1
Rule
Severity: Medium
Apple iOS/iPadOS 15 must be configured to enable a screen-lock policy that will lock the display after a period of inactivity.
1
Rule
Severity: Medium
Apple iOS/iPadOS 15 must be configured to lock the display after 15 minutes (or less) of inactivity.
2
Rule
Severity: Medium
The ALG providing user access control intermediary services must initiate a session lock after a 15-minute period of inactivity.
1
Rule
Severity: Medium
DocAve must initiate a session lock after a 15-minute period of inactivity.
1
Rule
Severity: Medium
The BlackBerry UEM server or platform must be configured to initiate a session lock after a 15-minute period of inactivity.
1
Rule
Severity: Medium
The application must initiate a session lock after a 15-minute period of inactivity.
1
Rule
Severity: Medium
The Lifetime Minutes and Renewal Threshold Minutes Login Session Controls must be set to 10 and 0 respectively in Docker Enterprise.
2
Rule
Severity: Medium
Google Android 12 must be configured to enable a screen-lock policy that will lock the display after a period of inactivity.
2
Rule
Severity: Medium
Google Android 12 must be configured to lock the display after 15 minutes (or less) of inactivity.
6
Rule
Severity: Medium
Google Android 13 must be configured to enable a screen-lock policy that will lock the display after a period of inactivity.
6
Rule
Severity: Medium
Google Android 13 must be configured to lock the display after 15 minutes (or less) of inactivity.
1
Rule
Severity: Medium
The HYCU 4.1 application and server must initiate a session lock after a 15-minute period of inactivity.
1
Rule
Severity: Medium
The Ivanti MobileIron Core server must initiate a session lock after a 15-minute period of inactivity.
1
Rule
Severity: Medium
MobileIron Sentry must initiate a session lock after a 15-minute period of inactivity.
2
Rule
Severity: Medium
The ISEC7 EMM Suite must initiate a session lock after a 15-minute period of inactivity.
2
Rule
Severity: Medium
The Jamf Pro EMM server or platform must be configured to initiate a session lock after a 15-minute period of inactivity.
2
Rule
Severity: Medium
The Mainframe Product must initiate a session lock after a 15-minute period of inactivity.
1
Rule
Severity: Medium
The MobileIron Core v10 server or platform must be configured to initiate a session lock after a 15-minute period of inactivity.
2
Rule
Severity: Medium
Microsoft Android 11 must be configured to enable a screen-lock policy that will lock the display after a period of inactivity.
2
Rule
Severity: Medium
Microsoft Android 11 must be configured to lock the display after 15 minutes (or less) of inactivity.
1
Rule
Severity: Medium
Motorola Solutions Android 11 must be configured to enable a screen-lock policy that will lock the display after a period of inactivity.
1
Rule
Severity: Medium
Motorola Solutions Android 11 must be configured to lock the display after 15 minutes (or less) of inactivity.
1
Rule
Severity: Medium
SharePoint must support the requirement to initiate a session lock after 15 minutes of system or application inactivity has transpired.
2
Rule
Severity: Medium
The network device must initiate a session lock after a 15-minute period of inactivity.
2
Rule
Severity: Medium
ONTAP must be configured to create a session lock after 15 minutes.
1
Rule
Severity: Medium
Nutanix AOS must disconnect a session after 15 minutes of idle time for all connection types.
13
Rule
Severity: Medium
Samsung Android must be configured to lock the display after 15 minutes (or less) of inactivity.
1
Rule
Severity: Medium
The Samsung SDS EMM or platform must be configured to initiate a session lock after a 15-minute period of inactivity.
8
Rule
Severity: Medium
Samsung Android must be configured to enable a screen-lock policy that will lock the display after a period of inactivity.
1
Rule
Severity: Medium
The Tanium Server console must be configured to initiate a session lock after a 15-minute period of inactivity.
5
Rule
Severity: Medium
The Tanium Application Server console must be configured to initiate a session lock after a 15-minute period of inactivity.
2
Rule
Severity: Medium
The UEM server must initiate a session lock after a 15-minute period of inactivity.
1
Rule
Severity: Medium
The Workspace ONE UEM server or platform must be configured to initiate a session lock after a 15-minute period of inactivity.
2
Rule
Severity: Medium
The Remote Access VPN Gateway must terminate remote access network connections after an organization-defined time period.
2
Rule
Severity: Medium
The terminal or workstation must lock out after a maximum of 15 minutes of inactivity, requiring the account password to resume.
3
Rule
Severity: Medium
Apple iOS/iPadOS 16 must be configured to enable a screen-lock policy that will lock the display after a period of inactivity.
3
Rule
Severity: Medium
Apple iOS/iPadOS 16 must be configured to lock the display after 15 minutes (or less) of inactivity.
2
Rule
Severity: Medium
Apple iOS/iPadOS 17 must be configured to enable a screen-lock policy that will lock the display after a period of inactivity.
3
Rule
Severity: Medium
Apple iOS/iPadOS 17 must be configured to lock the display after 15 minutes (or less) of inactivity.
4
Rule
Severity: Medium
The macOS system must initiate a session lock after a 15-minute period of inactivity.
2
Rule
Severity: Medium
The macOS system must prevent AdminHostInfo from being available at LoginWindow.
3
Rule
Severity: Medium
The macOS system must enforce screen saver timeout.
1
Rule
Severity: Medium
The Ubuntu operating system must initiate a session lock after a 15-minute period of inactivity for all connection types.
2
Rule
Severity: Medium
The Ubuntu operating system must retain a user's session lock until that user reestablishes access using established identification and authentication procedures.
3
Rule
Severity: Medium
Google Android 14 must be configured to enable a screen-lock policy that will lock the display after a period of inactivity.
5
Rule
Severity: Medium
Google Android 14 must be configured to lock the display after 15 minutes (or less) of inactivity.
2
Rule
Severity: Medium
The operating system must initiate a session lock after a 15-minute period of inactivity for all connection types.
2
Rule
Severity: Medium
AIX must automatically lock after 15 minutes of inactivity in the CDE Graphical desktop environment.
4
Rule
Severity: Medium
IBM z/OS must employ a session manager to manage session lock after a 15-minute period of inactivity.
2
Rule
Severity: Medium
IBM z/OS Session manager must properly configure wait time limits.
2
Rule
Severity: Medium
IBM z/OS must employ a session manager to initiate a session lock after a 15-minute period of inactivity for all connection types.
2
Rule
Severity: Medium
The ICS must terminate remote access network connections after an organization-defined time period.
2
Rule
Severity: Medium
The machine inactivity limit must be set to 15 minutes, locking the system with the screensaver.
2
Rule
Severity: Medium
The machine inactivity limit must be set to 15 minutes, locking the system with the screen saver.
2
Rule
Severity: Medium
Windows Server 2019 machine inactivity limit must be set to 15 minutes or less, locking the system with the screen saver.
2
Rule
Severity: Medium
Windows Server 2022 machine inactivity limit must be set to 15 minutes or less, locking the system with the screen saver.
3
Rule
Severity: Medium
The WLAN inactive/idle session timeout must be set for 30 minutes or less.
2
Rule
Severity: Medium
The Oracle Linux operating system must prevent a user from overriding the screensaver lock-enabled setting for the graphical user interface.
2
Rule
Severity: Medium
The Oracle Linux operating system must initiate a screensaver after a 15-minute period of inactivity for graphical user interfaces.
2
Rule
Severity: Medium
The Oracle Linux operating system must prevent a user from overriding the screensaver lock-delay setting for the graphical user interface.
2
Rule
Severity: Medium
The Oracle Linux operating system must prevent a user from overriding the session idle-delay setting for the graphical user interface.
2
Rule
Severity: Medium
The Oracle Linux operating system must initiate a session lock for the screensaver after a period of inactivity for graphical user interfaces.
2
Rule
Severity: Medium
The Oracle Linux operating system must prevent a user from overriding the screensaver idle-activation-enabled setting for the graphical user interface.
2
Rule
Severity: Medium
The Oracle Linux operating system must initiate a session lock for graphical user interfaces when the screensaver is activated.
2
Rule
Severity: Medium
The Oracle Linux operating system must have the screen package installed.
2
Rule
Severity: Medium
OL 8 must initiate a session lock for graphical user interfaces when the screensaver is activated.
2
Rule
Severity: Medium
OL 8 must automatically lock graphical user sessions after 15 minutes of inactivity.
2
Rule
Severity: Medium
OL 8 must automatically lock command line user sessions after 15 minutes of inactivity.
2
Rule
Severity: Medium
OL 8 must prevent a user from overriding the session lock-delay setting for the graphical user interface.
2
Rule
Severity: Medium
OL 8 must prevent a user from overriding the session idle-delay setting for the graphical user interface.
2
Rule
Severity: Medium
OL 8 must prevent a user from overriding the session lock-enabled setting for the graphical user interface.
1
Rule
Severity: Medium
The Red Hat Enterprise Linux operating system must initiate a screensaver after a 15-minute period of inactivity for graphical user interfaces.
1
Rule
Severity: Medium
The Red Hat Enterprise Linux operating system must prevent a user from overriding the screensaver lock-delay setting for the graphical user interface.
1
Rule
Severity: Medium
The Red Hat Enterprise Linux operating system must prevent a user from overriding the session idle-delay setting for the graphical user interface.
1
Rule
Severity: Medium
The Red Hat Enterprise Linux operating system must initiate a session lock for the screensaver after a period of inactivity for graphical user interfaces.
1
Rule
Severity: Medium
The Red Hat Enterprise Linux operating system must prevent a user from overriding the screensaver idle-activation-enabled setting for the graphical user interface.
1
Rule
Severity: Medium
The Red Hat Enterprise Linux operating system must initiate a session lock for graphical user interfaces when the screensaver is activated.
2
Rule
Severity: Medium
RHEL 8 must automatically lock graphical user sessions after 15 minutes of inactivity.
1
Rule
Severity: Medium
RHEL 8 must automatically lock command line user sessions after 15 minutes of inactivity.
2
Rule
Severity: Medium
RHEL 8 must prevent a user from overriding the session lock-delay setting for the graphical user interface.
1
Rule
Severity: Medium
The Red Hat Enterprise Linux operating system must prevent a user from overriding the screensaver lock-enabled setting for the graphical user interface.
1
Rule
Severity: Medium
The Red Hat Enterprise Linux operating system must have the screen package installed.
2
Rule
Severity: Medium
The SUSE operating system must initiate a session lock after a 15-minute period of inactivity for the graphical user interface.
2
Rule
Severity: Medium
The SUSE operating system must initiate a session lock after a 15-minute period of inactivity.
2
Rule
Severity: Medium
RHEL 8 must initiate a session lock for graphical user interfaces when the screensaver is activated.
2
Rule
Severity: Medium
RHEL 8 must prevent a user from overriding the session idle-delay setting for the graphical user interface.
2
Rule
Severity: Medium
RHEL 8 must prevent a user from overriding the screensaver lock-enabled setting for the graphical user interface.
2
Rule
Severity: Medium
RHEL 9 must automatically lock graphical user sessions after 15 minutes of inactivity.
2
Rule
Severity: Medium
RHEL 9 must prevent a user from overriding the session idle-delay setting for the graphical user interface.
2
Rule
Severity: Medium
RHEL 9 must initiate a session lock for graphical user interfaces when the screensaver is activated.
2
Rule
Severity: Medium
RHEL 9 must prevent a user from overriding the session lock-delay setting for the graphical user interface.
2
Rule
Severity: Medium
The SUSE operating system must initiate a session lock after a 15-minute period of inactivity for the graphical user interface (GUI).
1
Rule
Severity: Medium
RHEL 9 must automatically lock command line user sessions after 15 minutes of inactivity.
2
Rule
Severity: Medium
RHEL 9 must automatically exit interactive command shell user sessions after 15 minutes of inactivity.
4
Rule
Severity: Medium
Graphical desktop environments provided by the system must automatically lock after 15 minutes of inactivity.
2
Rule
Severity: Medium
The VMM must initiate a session lock after a 15-minute period of inactivity.
3
Rule
Severity: Medium
The ESXi host client must be configured with an idle session timeout.
1
Rule
Severity: Medium
The Photon operating system must set a session inactivity timeout of 15 minutes or less.
1
Rule
Severity: Medium
Zebra Android 11 must be configured to enable a screen-lock policy that will lock the display after a period of inactivity.
1
Rule
Severity: Medium
Zebra Android 11 must be configured to lock the display after 15 minutes (or less) of inactivity.
4
Rule
Severity: Medium
CICS logonid(s) must be configured with proper timeout and signon limits.
2
Rule
Severity: Medium
CICS logonid(s) must have time-out limit set to 15 minutes.
1
Rule
Severity: High
The BIG-IP appliance must be configured to terminate all management sessions after 10 minutes of inactivity.
1
Rule
Severity: Medium
The BIG-IP Core implementation must terminate all communications sessions at the end of the session or as follows: for in-band management sessions (privileged sessions), the session must be terminated after 10 minutes of inactivity, and for user sessions (nonprivileged sessions), the session must be terminated after 15 minutes of inactivity.
2
Rule
Severity: Medium
The macOS system must configure user session lock when a smart token is removed.
1
Rule
Severity: Medium
The ALG providing user access control intermediary services must provide the capability for users to directly initiate a session lock.
1
Rule
Severity: Medium
The Ubuntu operating system must allow users to directly initiate a session lock for all connection types.
1
Rule
Severity: Medium
Ubuntu 22.04 LTS must initiate a graphical session lock after 15 minutes of inactivity.
1
Rule
Severity: Medium
Ubuntu 22.04 LTS must allow users to directly initiate a session lock for all connection types.
1
Rule
Severity: Medium
Dragos must configure idle timeouts at 10 minutes.
1
Rule
Severity: High
The F5 BIG-IP appliance must set the idle time before automatic logout to five minutes of inactivity except to fulfill documented and validated mission requirements.
2
Rule
Severity: Medium
Google Android 15 must be configured to lock the display after 15 minutes (or less) of inactivity.
1
Rule
Severity: Medium
The operating system must provide the capability for users to directly initiate a session lock for all connection types.
1
Rule
Severity: Medium
The HPE Nimble must initiate a session lock after a 15-minute period of inactivity.
1
Rule
Severity: Medium
AIX must be configured to allow users to directly initiate a session lock for all connection types.
1
Rule
Severity: Medium
IBM z/OS must employ a session manager configured for users to directly initiate a session lock for all connection types.
1
Rule
Severity: Medium
The ISEC7 SPHERE must initiate a session lock after a 15-minute period of inactivity.
1
Rule
Severity: Medium
IBM z/OS must employ a session for users to directly initiate a session lock for all connection types.
1
Rule
Severity: Medium
IBM z/OS must employ a session manager for users to directly initiate a session lock for all connection types.
1
Rule
Severity: Medium
The Ivanti EPMM server must initiate a session lock after a 15-minute period of inactivity.
1
Rule
Severity: Medium
Sentry must initiate a session lock after a 15-minute period of inactivity.
1
Rule
Severity: Medium
The Mainframe Product must provide the capability for users to directly initiate a session lock.
1
Rule
Severity: Medium
Microsoft Intune service must initiate a session lock after a 15-minute period of inactivity.
1
Rule
Severity: Medium
The network device must be configured to enable network administrators to directly initiate a session lock.
1
Rule
Severity: Medium
The Oracle Linux operating system must enable a user session lock until that user re-establishes access using established identification and authentication procedures.
1
Rule
Severity: Medium
OL 8 must enable a user session lock until that user reestablishes access using established identification and authentication procedures for graphical user sessions.
1
Rule
Severity: Medium
OL 8 must have the tmux package installed.
1
Rule
Severity: Medium
OL 8 must enable a user session lock until that user re-establishes access using established identification and authentication procedures for command line sessions.
1
Rule
Severity: Medium
OL 8 must ensure session control is automatically started at shell initialization.
1
Rule
Severity: Low
OL 8 must prevent users from disabling session control mechanisms.
1
Rule
Severity: Medium
OL 8 must enable a user session lock until that user reestablishes access using established identification and authentication procedures for command line sessions.
1
Rule
Severity: Medium
OL 8 must be able to initiate directly a session lock for all connection types using smartcard when the smartcard is removed.
1
Rule
Severity: Medium
RHEL 9 must be able to initiate directly a session lock for all connection types using smart card when the smart card is removed.
1
Rule
Severity: Medium
RHEL 9 must prevent a user from overriding the disabling of the graphical user smart card removal action.
1
Rule
Severity: Medium
RHEL 9 must enable a user session lock until that user re-establishes access using established identification and authentication procedures for graphical user sessions.
1
Rule
Severity: Medium
RHEL 9 must prevent a user from overriding the screensaver lock-enabled setting for the graphical user interface.
2
Rule
Severity: Medium
The SUSE operating system must be able to lock the graphical user interface (GUI).
2
Rule
Severity: Low
The SUSE operating system must utilize vlock to allow for session locking.
2
Rule
Severity: Medium
The SUSE operating system must initiate a session lock after a 10-minute period of inactivity.
1
Rule
Severity: Medium
SLEM 5 must initiate a session lock after a 15-minute period of inactivity.
2
Rule
Severity: Medium
The operating system must provide the capability for users to directly initiate session lock mechanisms.
1
Rule
Severity: Medium
Multifactor authentication must be enabled and enforced on the Tanium Server for all access and all accounts.
1
Rule
Severity: Medium
TOSS must retain a user's session lock until that user reestablishes access using established identification and authentication procedures.
1
Rule
Severity: Medium
TOSS must automatically lock graphical user sessions after 15 minutes of inactivity.
1
Rule
Severity: Medium
The VMM must provide the capability for users to directly initiate a session lock.
1
Rule
Severity: Medium
Apple iOS/iPadOS 18 must be configured to lock the display after 15 minutes (or less) of inactivity.
1
Rule
Severity: Medium
The MDM server must provide the capability for users to directly initiate a session lock.
Patternfly
PatternFly elements
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.
Modules