CCI-000058

The information system provides the capability for users to directly initiate session lock mechanisms.

4 rules found Severity: Medium

5 rules found Severity: Medium

1 rule found Severity: Medium

8 rules found Severity: Medium

1 rule found Severity: Medium

1 rule found Severity: Low

6 rules found Severity: Medium

1 rule found Severity: Medium

2 rules found Severity: Medium

1 rule found Severity: Medium

1 rule found Severity: Low

1 rule found Severity: Medium

2 rules found Severity: Medium

2 rules found Severity: Low

2 rules found Severity: Medium

CCI-000058

Enable GNOME3 Screensaver Lock After Idle Period

Install the screen Package

Enable the GNOME3 Screen Locking On Smartcard Removal

Support session locking with tmux

Install the tmux Package

Configure the tmux Lock Command

Prevent user from disabling the screen lock

Check that vlock is installed to allow session locking

Nutanix AOS must disconnect a session after 15 minutes of idle time for all connection types.

Multi-factor authentication must be enabled and enforced on the Tanium Server for all access and all accounts.

The macOS system must be configured to lock the user session when a smart token is removed.

The Ubuntu operating system must be configured for users to directly initiate a session lock for all connection types.

The Ubuntu operating system must allow users to directly initiate a session lock for all connection types.

AIX must be configured to allow users to directly initiate a session lock for all connection types.

The Oracle Linux operating system must enable a user session lock until that user re-establishes access using established identification and authentication procedures.

SLEM 5 must use vlock to allow for session locking.

Multifactor authentication must be enabled and enforced on the Tanium Server for all access and all accounts.

Support session locking with tmux (not enforcing)

The macOS system must configure user session lock when a smart token is removed.

Ubuntu 22.04 LTS must allow users to directly initiate a session lock for all connection types.

OL 8 must enable a user session lock until that user reestablishes access using established identification and authentication procedures for graphical user sessions.

OL 8 must have the tmux package installed.

OL 8 must enable a user session lock until that user re-establishes access using established identification and authentication procedures for command line sessions.

OL 8 must ensure session control is automatically started at shell initialization.

OL 8 must prevent users from disabling session control mechanisms.

OL 8 must enable a user session lock until that user reestablishes access using established identification and authentication procedures for command line sessions.

OL 8 must be able to initiate directly a session lock for all connection types using smartcard when the smartcard is removed.

RHEL 9 must be able to initiate directly a session lock for all connection types using smart card when the smart card is removed.

RHEL 9 must prevent a user from overriding the disabling of the graphical user smart card removal action.

RHEL 9 must enable a user session lock until that user re-establishes access using established identification and authentication procedures for graphical user sessions.

RHEL 9 must prevent a user from overriding the screensaver lock-enabled setting for the graphical user interface.

The SUSE operating system must be able to lock the graphical user interface (GUI).

The SUSE operating system must utilize vlock to allow for session locking.

The operating system must provide the capability for users to directly initiate session lock mechanisms.