Lock Screen

by Doug Fish on May 11, 2016

The information system is configured to provide the capability for users to directly initiate session lock mechanisms.

  • NIST SP 800-53 Revision 4
    Access Control
     
    Procedure:
    The organization conducting the inspection/assessment examines the information system to ensure the organization being inspected/assessed configures the information system to provide the capability for users to directly initiate session lock mechanisms. For information system components that have applicable STIGs or SRGs, the organization conducting the inspection/assessment evaluates the components to ensure that the organization being inspected/assessed has configured the information system in compliance with the applicable STIGs and SRGs pertaining to CCI 58.
     
    Implementation Guidance:
    The organization being inspected/assessed configures the information system to provide the capability for users to directly initiate session lock mechanisms. For information system components that have applicable STIGs or SRGs, the organization being inspected/assessed must comply with the STIG/SRG guidance that pertains to CCI 58.
     
    CCI #: 000058
    CCI Definition: The information system provides the capability for users to directly initiate session lock mechanisms.
     
    Procedure:
    The organization conducting the inspection/assessment examines the information system to ensure the organization being inspected/assessed configures the information system to retain the session lock until the user reestablishes access using established identification and authentication procedures. For information system components that have applicable STIGs or SRGs, the organization conducting the inspection/assessment evaluates the components to ensure that the organization being inspected/assessed has configured the information system in compliance with the applicable STIGs and SRGs pertaining to CCI 56.
     
    Implementation Guidance:
    The organization being inspected/assessed configures the information system to retain the session lock until the user reestablishes access using established identification and authentication procedures. For information system components that have applicable STIGs or SRGs, the organization being inspected/assessed must comply with the STIG/SRG guidance that pertains to CCI 56.
     
    CCI #: 000056
    CCI Definition: The information system retains the session lock until the user reestablishes access using established identification and authentication procedures.


  • The requirement is for the application since we can't control user desktops.

    Thanks,

    Doug
    Commented by Doug Fish, June 14, 2016

    Hi Doug,

    Lock screens are typically provided by the operating system environment. Since the OS provides a lock screen, that is the mechanism that would be used to protect an SBM session.
    Commented by David J. Easter, June 14, 2016