Skip to content
Log In

CCI-000060

Conceal, via the device lock, information previously visible on the display with a publicly viewable image.

Set GNOME3 Screensaver Inactivity Timeout

17 rules found Severity: Medium

Logo

Set GNOME3 Screensaver Lock Delay After Activation Period

4 rules found Severity: Medium

Logo

Enable GNOME3 Screensaver Lock After Idle Period

4 rules found Severity: Medium

Logo

Implement Blank Screensaver

16 rules found Severity: Medium

Logo

Ensure Users Cannot Change GNOME3 Screensaver Settings

4 rules found Severity: Medium

Logo

Ensure Users Cannot Change GNOME3 Session Idle Settings

15 rules found Severity: Medium

Logo

Configure tmux to lock session after inactivity

10 rules found Severity: Medium

Logo

Check that vlock is installed to allow session locking

6 rules found Severity: Medium

Logo

Apple iOS/iPadOS 15 must be configured to not display notifications when the device is locked.

1 rule found Severity: Medium

Logo

Apple iOS/iPadOS 15 must not display notifications (calendar information) when the device is locked.

1 rule found Severity: Medium

Logo

The Lifetime Minutes and Renewal Threshold Minutes Login Session Controls must be set to 10 and 0 respectively in Docker Enterprise.

1 rule found Severity: Medium

Logo

Google Android 12 must be configured to not display the following (work profile) notifications when the device is locked: [selection: a. email notifications b. calendar appointments c. contact associated with phone call notification d. text message notification e. other application-based notifications f. all notifications].

2 rules found Severity: Medium

Logo

Microsoft Android 11 must be configured to not display the following (work profile) notifications when the device is locked: [selection:- Email notifications - Calendar appointments - Contact associated with phone call notification - Text message notification- Other application-based notifications- All notifications].

1 rule found Severity: Medium

Logo

Microsoft Android 11 must be configured to not display the following (work profile) notifications when the device is locked: [selection: - Email notifications - Calendar appointments - Contact associated with phone call notification - Text message notification - Other application-based notifications - All notifications].

1 rule found Severity: Medium

Logo

Nutanix AOS must disconnect a session after 15 minutes of idle time for all connection types.

1 rule found Severity: Medium

Logo

If TLS optimization is used, the Riverbed Optimization System (RiOS) providing Signed SMB and/or Encrypted MAPI must ensure the integrity and confidentiality of data transmitted over the WAN.

1 rule found Severity: Medium

Logo

The Tanium application must retain the session lock until the user reestablishes access using established identification and authentication procedures.

2 rules found Severity: Medium

Logo

Multi-factor authentication must be enabled and enforced on the Tanium Server for all access and all accounts.

1 rule found Severity: Medium

Logo

Apple iOS/iPadOS 16 must be configured to not display notifications when the device is locked.

2 rules found Severity: Medium

Logo

Apple iOS/iPadOS 16 must not display notifications (calendar information) when the device is locked.

2 rules found Severity: Medium

Logo

The macOS system must conceal, via the session lock, information previously visible on the display with a publicly viewable image.

1 rule found Severity: Low

Logo

The macOS system must be configured to disable hot corners.

2 rules found Severity: Medium

Logo

The Ubuntu operating system must be configured for users to directly initiate a session lock for all connection types.

1 rule found Severity: Medium

Logo

Samsung Android must be configured to not display the following (Work Environment) notifications when the device is locked: all notifications.

2 rules found Severity: Medium

Logo

Apple iOS/iPadOS 17 must be configured to not display notifications when the device is locked.

2 rules found Severity: Medium

Logo

Apple iOS/iPadOS 17 must not display notifications (calendar information) when the device is locked.

2 rules found Severity: Medium

Logo

The macOS system must conceal, via the session lock, information previously visible on the display with a publicly viewable image.

1 rule found Severity: Medium

Logo

The Ubuntu operating system must allow users to directly initiate a session lock for all connection types.

1 rule found Severity: Medium

Logo

Google Android 14 must be configured to not display the following (work profile) notifications when the device is locked: [selection: a. email notifications b. calendar appointments c. contact associated with phone call notification d. text message notification e. other application-based notifications f. all notifications].

1 rule found Severity: Medium

Logo

Google Android 13 must be configured to not display the following (work profile) notifications when the device is locked: [selection: a. email notifications b. calendar appointments c. contact associated with phone call notification d. text message notification e. other application-based notifications f. all notifications].

1 rule found Severity: Medium

Logo

AIX CDE must conceal, via the session lock, information previously visible on the display with a publicly viewable image.

1 rule found Severity: Medium

Logo

Windows Ink Workspace must be configured to disallow access above the lock.

1 rule found Severity: Medium

Logo

The network device must conceal, via the session lock, information previously visible on the display with a publicly viewable image.

1 rule found Severity: Medium

Logo

SLEM 5 must use vlock to allow for session locking.

1 rule found Severity: Medium

Logo

Samsung Android must be configured to not display the following (Work Environment) notifications when the device is locked: All notifications.

7 rules found Severity: Medium

Logo

Multifactor authentication must be enabled and enforced on the Tanium Server for all access and all accounts.

1 rule found Severity: Medium

Logo

TOSS must retain a user's session lock until that user reestablishes access using established identification and authentication procedures.

1 rule found Severity: Medium

Logo

Support session locking with tmux (not enforcing)

5 rules found Severity: Medium

Logo

NixOS must provide the capability for users to directly initiate a session lock for all connection types.

1 rule found Severity: Medium

Logo

The macOS system must disable hot corners.

2 rules found Severity: Medium

Logo

Apple iOS/iPadOS 18 must be configured to not display notifications when the device is locked.

1 rule found Severity: Medium

Logo

Apple iOS/iPadOS 18 must not display notifications (calendar information) when the device is locked.

1 rule found Severity: Medium

Logo

The macOS system must prevent AdminHostInfo from being available at LoginWindow.

1 rule found Severity: Medium

Logo

The ALG providing user access control intermediary services must conceal, via the session lock, information previously visible on the display with a publicly viewable image.

1 rule found Severity: Medium

Logo

Ubuntu 22.04 LTS must allow users to directly initiate a session lock for all connection types.

1 rule found Severity: Medium

Logo

AlmaLinux OS 9 must automatically lock graphical user sessions after 15 minutes of inactivity.

1 rule found Severity: Medium

Logo

AlmaLinux OS 9 must conceal, via the session lock, information previously visible on the display with a publicly viewable image.

1 rule found Severity: Medium

Logo

AlmaLinux OS 9 must prevent a user from overriding the session idle-delay setting for the graphical user interface.

1 rule found Severity: Medium

Logo

Dragos must configure idle timeouts at 10 minutes.

1 rule found Severity: Medium

Logo

Google Android 13 must be configured to not display the following (work profile) notifications when the device is locked: [selection: a. email notifications b. calendar appointments c. contact associated with phone call notification d. text message notification e. other application-based notifications f. all notifications].

2 rules found Severity: Medium

Logo

Google Android 14 must be configured to not display the following (work profile) notifications when the device is locked: [selection: a. email notifications b. calendar appointments c. contact associated with phone call notification d. text message notification e. other application-based notifications f. all notifications].

2 rules found Severity: Medium

Logo

Google Android 15 must be configured to not display the following (work profile) notifications when the device is locked: [selection: a. email notifications b. calendar appointments c. contact associated with phone call notification d. text message notification e. other application-based notifications f. all notifications].

2 rules found Severity: Medium

Logo

The operating system must conceal, via the session lock, information previously visible on the display with a publicly viewable image.

1 rule found Severity: Medium

Logo

IBM z/OS must employ a session manager that conceal, via the session lock, information previously visible on the display with a publicly viewable image.

1 rule found Severity: Medium

Logo

The IBM z/OS must employ a session manager that conceals, via the session lock, information previously visible on the display with a publicly viewable image.

1 rule found Severity: Medium

Logo

IBM z/OS must employ a session manager to conceal, via the session lock, information previously visible on the display with a publicly viewable image.

1 rule found Severity: Medium

Logo

The Mainframe Product must conceal, via the session lock, information previously visible on the display with a publicly viewable image.

1 rule found Severity: Medium

Logo

Windows Server 2019 machine inactivity limit must be set to 15 minutes or less, locking the system with the screen saver.

1 rule found Severity: Medium

Logo

Windows Server 2022 machine inactivity limit must be set to 15 minutes or less, locking the system with the screen saver.

1 rule found Severity: Medium

Logo

OL 8 must initiate a session lock for graphical user interfaces when the screensaver is activated.

1 rule found Severity: Medium

Logo

OL 8 must automatically lock graphical user sessions after 15 minutes of inactivity.

1 rule found Severity: Medium

Logo

OL 8 must automatically lock command line user sessions after 15 minutes of inactivity.

1 rule found Severity: Medium

Logo

OL 8 must prevent a user from overriding the session lock-delay setting for the graphical user interface.

1 rule found Severity: Medium

Logo

OL 8 must prevent a user from overriding the session idle-delay setting for the graphical user interface.

1 rule found Severity: Medium

Logo

OL 8 must prevent a user from overriding the session lock-enabled setting for the graphical user interface.

1 rule found Severity: Medium

Logo

RHEL 9 must automatically lock graphical user sessions after 15 minutes of inactivity.

1 rule found Severity: Medium

Logo

RHEL 9 must prevent a user from overriding the session idle-delay setting for the graphical user interface.

1 rule found Severity: Medium

Logo

RHEL 9 must conceal, via the session lock, information previously visible on the display with a publicly viewable image.

1 rule found Severity: Medium

Logo

The SUSE operating system must be able to lock the graphical user interface (GUI).

2 rules found Severity: Medium

Logo

The SUSE operating system must utilize vlock to allow for session locking.

2 rules found Severity: Low

Logo

The SUSE operating system must conceal, via the session lock, information previously visible on the display with a publicly viewable image in the graphical user interface.

1 rule found Severity: Low

Logo

The SUSE operating system must conceal, via the session lock, information previously visible on the display with a publicly viewable image in the graphical user interface (GUI).

1 rule found Severity: Low

Logo

The operating system session lock mechanism, when activated on a device with a display screen, must place a publicly viewable pattern onto the associated display, hiding what was previously visible on the screen.

2 rules found Severity: Medium

Logo

The VMM must conceal, via the session lock, information previously visible on the display with a publicly viewable image.

1 rule found Severity: Medium

Logo

The UEM server must conceal, via the session lock, information previously visible on the display with a publicly viewable image.

1 rule found Severity: Medium

Logo

Zebra Android 13 must be configured to not display the following (work profile) notifications when the device is locked: [selection: a. email notifications b. calendar appointments c. contact associated with phone call notification d. text message notification e. other application-based notifications f. all notifications].

2 rules found Severity: Medium

Logo