Title

Toast notifications to the lock screen must be turned off. (Cat III impact)

Discussion

Toast notifications that are displayed on the lock screen could display sensitive information to unauthorized personnel. Turning off this feature will limit access to the information to a logged on user.

Check Content

If the following registry value does not exist or is not configured as specified, this is a finding: Registry Hive: HKEY_CURRENT_USER Registry Path: \SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\PushNotifications\ Value Name: NoToastApplicationNotificationOnLockScreen Type: REG_DWORD Value: 1

Fix Text

Configure the policy value for User Configuration -> Administrative Templates -> Start Menu and Taskbar -> Notifications -> "Turn off toast notifications on the lock screen" to "Enabled".

Additional Identifiers

Rule ID: SV-226362r794637_rule

Vulnerability ID: V-226362

Group Title: SRG-OS-000095-GPOS-00049

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.