Title

The screen saver must be password protected. (Cat II impact)

Discussion

Unattended systems are susceptible to unauthorized use and must be locked when unattended. Enabling a password-protected screen saver to engage after a specified period of time helps protects critical and sensitive data from exposure to unauthorized personnel with physical access to the computer.

Check Content

If the following registry value does not exist or is not configured as specified, this is a finding: Registry Hive: HKEY_CURRENT_USER Registry Path: \Software\Policies\Microsoft\Windows\Control Panel\Desktop\ Value Name: ScreenSaverIsSecure Type: REG_SZ Value: 1

Fix Text

Configure the policy value for User Configuration -> Administrative Templates -> Control Panel -> Personalization -> "Password protect the screen saver" to "Enabled".

Additional Identifiers

Rule ID: SV-225535r569185_rule

Vulnerability ID: V-225535

Group Title: SRG-OS-000028-GPOS-00009

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.