Check: GEN000510
HP-UX 11.31 STIG:
GEN000510
(in versions v1 r19 through v1 r13)
Title
The system must display a publicly-viewable pattern during a graphical desktop environment session lock. (Cat III impact)
Discussion
To protect the on-screen content of a session, it must be replaced with a publicly-viewable pattern upon session lock. Examples of publicly viewable patterns include screen saver patterns, photographic images, solid colors, or a blank screen, so long as none of those patterns convey sensitive information. This requirement applies to graphical desktop environments provided by the system to locally attached displays and input devices, as well as, to graphical desktop environments provided to remote systems using remote access protocols.
Check Content
NOTE: This will virtually always be a manual review. Determine if a publicly-viewable pattern is displayed during a session lock. If the session lock pattern is not publicly-viewable, this is a finding.
Fix Text
Configure the system to display a publicly-viewable pattern during a session lock.
Additional Identifiers
Rule ID: SV-38275r1_rule
Vulnerability ID: V-22301
Group Title: GEN000510
Expert Comments
CCIs
Number | Definition |
---|---|
CCI-000061 |
The organization identifies and defines organization-defined user actions that can be performed on the information system without identification or authentication consistent with organizational missions/business functions. |
Controls
Number | Title |
---|---|
AC-14 |
Permitted Actions Without Identification Or Authentication |