STIGs RMF Controls Compare

STIGhub

A free tool to search and browse the entire DISA STIG library. Saves up to 75% in security compliance research time.

Navigation

Browse STIGs
Search
RMF Controls
Compare Versions

Resources

About
Release Notes
VPAT
DISA STIG Library

STIGs updated 2 hours ago

Powered by Pylon

© 2026 Beacon Cloud Solutions, Inc. All rights reserved.

← AC-11 — Device Lock

CCI-000057

Definition

Prevent further access to the system by initiating a device lock after organization-defined time period of inactivity; and/or requiring the user to initiate a device lock before leaving the system unattended.

Parent Control

AC-11Device LockAccess Control

Linked STIG Checks (200)

V-76461CAT IIThe Akamai Luna Portal must initiate a session logoff after a 15-minute period of inactivity.Akamai KSD Service Impact Level 2 NDM Security Technical Implementation Guide V-274142CAT IIAmazon Linux 2023 must automatically exit interactive command shell user sessions after 15 minutes of inactivity.Amazon Linux 2023 Security Technical Implementation Guide V-268086CAT IINixOS must initiate a session lock after a 10-minute period of inactivity for graphical user logon.Anduril NixOS Security Technical Implementation Guide V-268087CAT IINixOS must provide the capability for users to directly initiate a session lock for all connection types.Anduril NixOS Security Technical Implementation Guide V-254590CAT IIApple iOS/iPadOS 16 must be configured to enable a screen-lock policy that will lock the display after a period of inactivity.Apple iOS-iPadOS 16 Security Technical Implementation Guide V-254591CAT IIApple iOS/iPadOS 16 must be configured to lock the display after 15 minutes (or less) of inactivity.Apple iOS-iPadOS 16 Security Technical Implementation Guide V-250931CAT IIApple iOS/iPadOS 15 must be configured to enable a screen-lock policy that will lock the display after a period of inactivity.Apple iOS/iPadOS 15 Security Technical Implementation Guide V-250932CAT IIApple iOS/iPadOS 15 must be configured to lock the display after 15 minutes (or less) of inactivity.Apple iOS/iPadOS 15 Security Technical Implementation Guide V-257110CAT IIApple iOS/iPadOS 16 must be configured to lock the display after 15 minutes (or less) of inactivity.Apple iOS/iPadOS 16 BYOAD Security Technical Implementation Guide V-259766CAT IIApple iOS/iPadOS 17 must be configured to lock the display after 15 minutes (or less) of inactivity.Apple iOS/iPadOS 17 MDFPP 3.3 BYOAD Security Technical Implementation Guide V-258323CAT IIApple iOS/iPadOS 17 must be configured to lock the display after 15 minutes (or less) of inactivity.Apple iOS/iPadOS 17 Security Technical Implementation Guide V-267990CAT IIApple iOS/iPadOS 18 must be configured to lock the display after 15 minutes (or less) of inactivity.Apple iOS/iPadOS 18 Security Technical Implementation Guide V-278750CAT IIApple iOS/iPadOS 26 must be configured to lock the display after 15 minutes (or less) of inactivity.Apple iOS/iPadOS 26 Security Technical Implementation Guide V-252439CAT IIThe macOS system must initiate a session lock after a 15-minute period of inactivity.Apple macOS 12 (Monterey) Security Technical Implementation Guide V-257145CAT IIThe macOS system must initiate a session lock after a 15-minute period of inactivity.Apple macOS 13 (Ventura) Security Technical Implementation Guide V-259421CAT IIThe macOS system must configure user session lock when a smart token is removed.Apple macOS 14 (Sonoma) Security Technical Implementation Guide V-259423CAT IIThe macOS system must prevent AdminHostInfo from being available at LoginWindow.Apple macOS 14 (Sonoma) Security Technical Implementation Guide V-259441CAT IIThe macOS system must enforce screen saver timeout.Apple macOS 14 (Sonoma) Security Technical Implementation Guide V-268423CAT IIThe macOS system must configure user session lock when a smart token is removed.Apple macOS 15 (Sequoia) Security Technical Implementation Guide V-268441CAT IIThe macOS system must enforce screen saver timeout.Apple macOS 15 (Sequoia) Security Technical Implementation Guide V-277031CAT IIThe macOS system must configure user session lock when a smart token is removed.Apple macOS 26 (Tahoe) Security Technical Implementation Guide V-277049CAT IIThe macOS system must enforce screen saver timeout.Apple macOS 26 (Tahoe) Security Technical Implementation Guide V-276382CAT IIApple visionOS 2 must be configured to lock the display after 15 minutes (or fewer) of inactivity.Apple visionOS 2 Security Technical Implementation Guide V-282791CAT IIApple visionOS 26 must be configured to lock the display after 15 minutes (or less) of inactivity.Apple visionOS 26 Security Technical Implementation Guide V-205052CAT IIThe ALG providing user access control intermediary services must initiate a session lock after a 15-minute period of inactivity.Application Layer Gateway Security Requirements Guide V-205053CAT IIThe ALG providing user access control intermediary services must provide the capability for users to directly initiate a session lock.Application Layer Gateway Security Requirements Guide V-272628CAT IICylanceON-PREM must be configured to initiate a session timeout after 10 minutes of inactivity.Arctic Wolf CylanceON-PREM Security Technical Implementation Guide V-256840CAT IICompliance Guardian must initiate a session timeout after a 15-minute period of inactivity.AvePoint Compliance Guardian Security Technical Implementation Guide V-253511CAT IIDocAve must initiate a session lock after a 15-minute period of inactivity.AvePoint DocAve 6 Security Technical Implementation Guide V-276002CAT IIAx-OS must automatically terminate a graphical user interface (GUI) user session after 15 minutes.Axonius Federal Systems Ax-OS Security Technical Implementation Guide V-276003CAT IIAx-OS must automatically terminate a Secure Shell (SSH) user session after 15 minutes.Axonius Federal Systems Ax-OS Security Technical Implementation Guide V-38705CAT IIBlackBerry PlayBook OS must lock the device after no more than 15 minutes of inactivity.BlackBerry PlayBook OS V2.1 Security Technical Implementation Guide V-224374CAT IIThe BlackBerry UEM server or platform must be configured to initiate a session lock after a 15-minute period of inactivity.BlackBerry UEM Security Technical Implementation Guide V-219303CAT IIThe Ubuntu operating system must initiate a session lock after a 15-minute period of inactivity for all connection types.Canonical Ubuntu 18.04 LTS Security Technical Implementation Guide V-238199CAT IIThe Ubuntu operating system must retain a user's session lock until that user reestablishes access using established identification and authentication procedures.Canonical Ubuntu 20.04 LTS Security Technical Implementation Guide V-238200CAT IIThe Ubuntu operating system must allow users to directly initiate a session lock for all connection types.Canonical Ubuntu 20.04 LTS Security Technical Implementation Guide V-260538CAT IIUbuntu 22.04 LTS must initiate a graphical session lock after 15 minutes of inactivity.Canonical Ubuntu 22.04 LTS Security Technical Implementation Guide V-260553CAT IIUbuntu 22.04 LTS must allow users to directly initiate a session lock for all connection types.Canonical Ubuntu 22.04 LTS Security Technical Implementation Guide V-270674CAT IIUbuntu 24.04 LTS must allow users to directly initiate a session lock for all connection types.Canonical Ubuntu 24.04 LTS Security Technical Implementation Guide V-270678CAT IIUbuntu 24.04 LTS must initiate a graphical session lock after 10 minutes of inactivity.Canonical Ubuntu 24.04 LTS Security Technical Implementation Guide V-274873CAT IIUbuntu 24.04 LTS must prevent a user from overriding the disabling of the graphical user smart card removal action.Canonical Ubuntu 24.04 LTS Security Technical Implementation Guide V-234256CAT IIThe application must initiate a session lock after a 15-minute period of inactivity.Citrix Virtual Apps and Desktop 7.x Linux Virtual Delivery Agent Security Technical Implementation Guide V-269106CAT IIAlmaLinux OS 9 must initiate a session lock for graphical user interfaces when the screensaver is activated.Cloud Linux AlmaLinux OS 9 Security Technical Implementation Guide V-269107CAT IIAlmaLinux OS 9 must prevent a user from overriding the session lock-delay setting for the graphical user interface.Cloud Linux AlmaLinux OS 9 Security Technical Implementation Guide V-269108CAT IIAlmaLinux OS 9 must automatically exit interactive command shell user sessions after 10 minutes of inactivity.Cloud Linux AlmaLinux OS 9 Security Technical Implementation Guide V-235825CAT IIThe Lifetime Minutes and Renewal Threshold Minutes Login Session Controls must be set to 10 and 0 respectively in Docker Enterprise.Docker Enterprise 2.x Linux/UNIX Security Technical Implementation Guide V-270904CAT IIDragos must configure idle timeouts at 10 minutes.Dragos Platform 2.x Security Technical Implementation Guide V-217408CAT IThe BIG-IP appliance must be configured to terminate all management sessions after 10 minutes of inactivity.F5 BIG-IP Device Management Security Technical Implementation Guide V-215765CAT IIThe BIG-IP Core implementation must terminate all communications sessions at the end of the session or as follows: for in-band management sessions (privileged sessions), the session must be terminated after 10 minutes of inactivity, and for user sessions (nonprivileged sessions), the session must be terminated after 15 minutes of inactivity.F5 BIG-IP Local Traffic Manager Security Technical Implementation Guide V-266095CAT IThe F5 BIG-IP appliance must set the idle time before automatic logout to five minutes of inactivity except to fulfill documented and validated mission requirements.F5 BIG-IP TMOS NDM Security Technical Implementation Guide V-203599CAT IIThe operating system must initiate a session lock after a 15-minute period of inactivity for all connection types.General Purpose Operating System Security Requirements Guide V-203600CAT IIThe operating system must provide the capability for users to directly initiate a session lock for all connection types.General Purpose Operating System Security Requirements Guide V-258478CAT IIGoogle Android 13 must be configured to lock the display after 15 minutes (or less) of inactivity.Google Android 13 BYOAD Security Technical Implementation Guide V-254767CAT IIGoogle Android 13 must be configured to enable a screen-lock policy that will lock the display after a period of inactivity.Google Android 13 COPE Security Technical Implementation Guide V-254768CAT IIGoogle Android 13 must be configured to lock the display after 15 minutes (or less) of inactivity.Google Android 13 COPE Security Technical Implementation Guide V-258381CAT IIGoogle Android 14 must be configured to lock the display after 15 minutes (or less) of inactivity.Google Android 14 COBO Security Technical Implementation Guide V-258412CAT IIGoogle Android 14 must be configured to lock the display after 15 minutes (or less) of inactivity.Google Android 14 COPE Security Technical Implementation Guide V-260128CAT IIGoogle Android 14 must be configured to lock the display after 15 minutes (or less) of inactivity.Google Android 14 MDFPP 3.3 BYOAD Security Technical Implementation Guide V-267433CAT IIGoogle Android 15 must be configured to lock the display after 15 minutes (or less) of inactivity.Google Android 15 COBO Security Technical Implementation Guide V-267528CAT IIGoogle Android 15 must be configured to lock the display after 15 minutes (or less) of inactivity.Google Android 15 COPE Security Technical Implementation Guide V-276751CAT IIGoogle Android 16 must be configured to lock the display after 15 minutes (or less) of inactivity.Google Android 16 COBO Security Technical Implementation Guide V-276853CAT IIGoogle Android 16 must be configured to lock the display after 15 minutes (or less) of inactivity.Google Android 16 COPE Security Technical Implementation Guide V-266996CAT IIThe Remote Access VPN Gateway must terminate remote access network connections after an organization-defined time period.HPE Aruba Networking AOS VPN Security Technical Implementation Guide V-252186CAT IIThe HPE Nimble must initiate a session lock after a 15-minute period of inactivity.HPE Nimble Storage Array NDM Security Technical Implementation Guide V-274285CAT IIHoneywell Android 13 must be configured to lock the display after 15 minutes (or less) of inactivity.Honeywell Android 13 COBO Security Technical Implementation Guide V-274380CAT IIHoneywell Android 13 must be configured to lock the display after 15 minutes (or less) of inactivity.Honeywell Android 13 COPE Security Technical Implementation Guide V-235037CAT IIThe Honeywell Mobility Edge Android Pie device must be configured to enable a screen-lock policy that will lock the display after a period of inactivity.Honeywell Android 9.x COBO Security Technical Implementation Guide V-235038CAT IIThe Honeywell Mobility Edge Android Pie device must be configured to lock the display after 15 minutes (or less) of inactivity.Honeywell Android 9.x COBO Security Technical Implementation Guide V-235064CAT IIThe Honeywell Mobility Edge Android Pie device must be configured to enable a screen-lock policy that will lock the display after a period of inactivity.Honeywell Android 9.x COPE Security Technical Implementation Guide V-235065CAT IIThe Honeywell Mobility Edge Android Pie device must be configured to lock the display after 15 minutes (or less) of inactivity.Honeywell Android 9.x COPE Security Technical Implementation Guide V-215211CAT IIAIX must be configured to allow users to directly initiate a session lock for all connection types.IBM AIX 7.x Security Technical Implementation Guide V-215318CAT IIAIX must automatically lock after 15 minutes of inactivity in the CDE Graphical desktop environment.IBM AIX 7.x Security Technical Implementation Guide V-24361CAT IIThe terminal or workstation must lock out after a maximum of 15 minutes of inactivity, requiring the account password to resume.IBM Hardware Management Console (HMC) STIG V-256883CAT IIThe terminal or workstation must lock out after a maximum of 15 minutes of inactivity, requiring the account password to resume.IBM Hardware Management Console (HMC) Security Technical Implementation Guide V-223576CAT IIIBM z/OS must employ a session manager to manage session lock after a 15-minute period of inactivity.IBM z/OS ACF2 Security Technical Implementation Guide V-223583CAT IIIBM z/OS must employ a session manager configured for users to directly initiate a session lock for all connection types.IBM z/OS ACF2 Security Technical Implementation Guide V-223795CAT IIIBM z/OS must employ a session manager to manage session lock after a 15-minute period of inactivity.IBM z/OS RACF Security Technical Implementation Guide V-223796CAT IIIBM z/OS must employ a session for users to directly initiate a session lock for all connection types.IBM z/OS RACF Security Technical Implementation Guide V-223999CAT IIIBM z/OS Session manager must properly configure wait time limits.IBM z/OS TSS Security Technical Implementation Guide V-224043CAT IIIBM z/OS must employ a session manager for users to directly initiate a session lock for all connection types.IBM z/OS TSS Security Technical Implementation Guide V-224761CAT IIThe ISEC7 SPHERE must initiate a session lock after a 15-minute period of inactivity.ISEC7 Sphere Security Technical Implementation Guide V-258591CAT IIThe ICS must terminate remote access network connections after 10 minutes or less.Ivanti Connect Secure VPN Security Technical Implementation Guide V-251401CAT IIThe Ivanti EPMM server must initiate a session lock after a 15-minute period of inactivity.Ivanti EPMM Server Security Technical Implementation Guide V-251401CAT IIThe Ivanti MobileIron Core server must initiate a session lock after a 15-minute period of inactivity.Ivanti MobileIron Core MDM Server Security Technical Implementation Guide V-250984CAT IIMobileIron Sentry must initiate a session lock after a 15-minute period of inactivity.Ivanti MobileIron Sentry 9.x NDM Security Technical Implementation Guide V-250984CAT IISentry must initiate a session lock after a 15-minute period of inactivity.Ivanti Sentry 9.x NDM Security Technical Implementation Guide V-241791CAT IIThe Jamf Pro EMM server or platform must be configured to initiate a session lock after a 15-minute period of inactivity.Jamf Pro v10.x EMM Security Technical Implementation Guide V-205441CAT IIThe Mainframe Product must initiate a session lock after a 15-minute period of inactivity.Mainframe Product Security Requirements Guide V-205442CAT IIThe Mainframe Product must provide the capability for users to directly initiate a session lock.Mainframe Product Security Requirements Guide V-270200CAT IIMicrosoft Entra ID must initiate a session lock after a 15-minute period of inactivity.Microsoft Entra ID Security Technical Implementation Guide V-273867CAT IIMicrosoft Intune service must initiate a session lock after a 15-minute period of inactivity.Microsoft Intune MDM Service Desktop & Mobile Security Technical Implementation Guide V-273867CAT IIMicrosoft Intune service must initiate a session lock after a 15-minute period of inactivity.Microsoft Intune MDM Service Desktop & Mobile Security Technical Implementation Guide V-220920CAT IIThe machine inactivity limit must be set to 15 minutes, locking the system with the screensaver.Microsoft Windows 10 Security Technical Implementation Guide V-225035CAT IIThe machine inactivity limit must be set to 15 minutes, locking the system with the screen saver.Microsoft Windows Server 2016 Security Technical Implementation Guide V-205633CAT IIWindows Server 2019 machine inactivity limit must be set to 15 minutes or less, locking the system with the screen saver.Microsoft Windows Server 2019 Security Technical Implementation Guide V-254456CAT IIWindows Server 2022 machine inactivity limit must be set to 15 minutes or less, locking the system with the screen saver.Microsoft Windows Server 2022 Security Technical Implementation Guide V-278206CAT IIWindows Server 2025 machine inactivity limit must be set to 15 minutes or less, locking the system with the screen saver.Microsoft Windows Server 2025 Security Technical Implementation Guide V-91809CAT IIThe MobileIron Core v10 server or platform must be configured to initiate a session lock after a 15-minute period of inactivity.MobileIron Core v10.x MDM Security Technical Implementation Guide V-272175CAT IIMotorola Solutions Android 13 must be configured to lock the display after 15 minutes (or less) of inactivity.Motorola Solutions Android 13 COBO Security Technical Implementation Guide V-272312CAT IIMotorola Solutions Android 13 must be configured to lock the display after 15 minutes (or less) of inactivity.Motorola Solutions Android 13 COPE Security Technical Implementation Guide V-246923CAT IIONTAP must be configured to create a session lock after 15 minutes.NetApp ONTAP DSC 9.x Security Technical Implementation Guide V-202007CAT IIThe network device must initiate a session lock after a 15-minute period of inactivity.Network Device Management Security Requirements Guide V-202008CAT IIThe network device must be configured to enable network administrators to directly initiate a session lock.Network Device Management Security Requirements Guide V-243208CAT IIThe WLAN inactive/idle session timeout must be set for 30 minutes or less.Network WLAN AP-IG Platform Security Technical Implementation Guide V-243218CAT IIThe WLAN inactive/idle session timeout must be set for 30 minutes or less.Network WLAN AP-NIPR Platform Security Technical Implementation Guide V-243233CAT IIThe WLAN inactive/idle session timeout must be set for 30 minutes or less.Network WLAN Controller Platform Security Technical Implementation Guide V-254121CAT IINutanix AOS must disconnect a session after 15 minutes of idle time for all connection types.Nutanix AOS 5.20.x OS Security Technical Implementation Guide V-279529CAT IINutanix OS must set the value of "lock-after-time" to 890 seconds for remote access sessions.Nutanix Acropolis GPOS Security Technical Implementation Guide V-273186CAT IIOkta must log out a session after a 15-minute period of inactivity.Okta Identity as a Service (IDaaS) Security Technical Implementation Guide V-273187CAT IIThe Okta Admin Console must log out a session after a 15-minute period of inactivity.Okta Identity as a Service (IDaaS) Security Technical Implementation Guide V-221657CAT IIThe Oracle Linux operating system must enable a user session lock until that user re-establishes access using established identification and authentication procedures.Oracle Linux 7 Security Technical Implementation Guide V-221659CAT IIThe Oracle Linux operating system must prevent a user from overriding the screensaver lock-enabled setting for the graphical user interface.Oracle Linux 7 Security Technical Implementation Guide V-221660CAT IIThe Oracle Linux operating system must initiate a screensaver after a 15-minute period of inactivity for graphical user interfaces.Oracle Linux 7 Security Technical Implementation Guide V-221661CAT IIThe Oracle Linux operating system must prevent a user from overriding the screensaver lock-delay setting for the graphical user interface.Oracle Linux 7 Security Technical Implementation Guide V-221662CAT IIThe Oracle Linux operating system must prevent a user from overriding the session idle-delay setting for the graphical user interface.Oracle Linux 7 Security Technical Implementation Guide V-221664CAT IIThe Oracle Linux operating system must initiate a session lock for the screensaver after a period of inactivity for graphical user interfaces.Oracle Linux 7 Security Technical Implementation Guide V-221665CAT IIThe Oracle Linux operating system must prevent a user from overriding the screensaver idle-activation-enabled setting for the graphical user interface.Oracle Linux 7 Security Technical Implementation Guide V-221666CAT IIThe Oracle Linux operating system must initiate a session lock for graphical user interfaces when the screensaver is activated.Oracle Linux 7 Security Technical Implementation Guide V-248671CAT IIOL 8 must enable a user session lock until that user reestablishes access using established identification and authentication procedures for graphical user sessions.Oracle Linux 8 Security Technical Implementation Guide V-248672CAT IIOL 8 must initiate a session lock for graphical user interfaces when the screensaver is activated.Oracle Linux 8 Security Technical Implementation Guide V-248678CAT IIOL 8 must enable a user session lock until that user reestablishes access using established identification and authentication procedures for command line sessions.Oracle Linux 8 Security Technical Implementation Guide V-248679CAT IIOL 8 must be able to initiate directly a session lock for all connection types using smartcard when the smartcard is removed.Oracle Linux 8 Security Technical Implementation Guide V-248680CAT IIOL 8 must automatically lock graphical user sessions after 15 minutes of inactivity.Oracle Linux 8 Security Technical Implementation Guide V-248682CAT IIOL 8 must prevent a user from overriding the session lock-delay setting for the graphical user interface.Oracle Linux 8 Security Technical Implementation Guide V-248683CAT IIOL 8 must prevent a user from overriding the session idle-delay setting for the graphical user interface.Oracle Linux 8 Security Technical Implementation Guide V-248684CAT IIOL 8 must prevent a user from overriding the session lock-enabled setting for the graphical user interface.Oracle Linux 8 Security Technical Implementation Guide V-271673CAT IIOL 9 must initiate a session lock for graphical user interfaces when the screensaver is activated.Oracle Linux 9 Security Technical Implementation Guide V-271674CAT IIOL 9 must automatically lock graphical user sessions after 15 minutes of inactivity.Oracle Linux 9 Security Technical Implementation Guide V-271681CAT IIOL 9 must prevent a user from overriding the screensaver lock-enabled setting for the graphical user interface.Oracle Linux 9 Security Technical Implementation Guide V-271682CAT IIOL 9 must prevent a user from overriding the session idle-delay setting for the graphical user interface.Oracle Linux 9 Security Technical Implementation Guide V-271683CAT IIOL 9 must prevent a user from overriding the session lock-delay setting for the graphical user interface.Oracle Linux 9 Security Technical Implementation Guide V-271684CAT IIOL 9 must prevent a user from overriding the disabling of the graphical user smart card removal action.Oracle Linux 9 Security Technical Implementation Guide V-271690CAT IIOL 9 must be able to directly initiate a session lock for all connection types using smart card when the smart card is removed.Oracle Linux 9 Security Technical Implementation Guide V-271750CAT IIOL 9 must automatically exit interactive command shell user sessions after 15 minutes of inactivity.Oracle Linux 9 Security Technical Implementation Guide V-281276CAT IIRHEL 10 must prevent a user from overriding the disabling of the graphical user smart card removal action.Red Hat Enterprise Linux 10 Security Technical Implementation Guide V-281277CAT IIRHEL 10 must prevent a user from overriding the screensaver lock-enabled setting for the graphical user interface.Red Hat Enterprise Linux 10 Security Technical Implementation Guide V-281278CAT IIRHEL 10 must automatically lock graphical user sessions after 15 minutes of inactivity.Red Hat Enterprise Linux 10 Security Technical Implementation Guide V-281279CAT IIRHEL 10 must prevent a user from overriding the session idle-delay setting for the graphical user interface.Red Hat Enterprise Linux 10 Security Technical Implementation Guide V-281280CAT IIRHEL 10 must initiate a session lock for graphical user interfaces when the screensaver is activated.Red Hat Enterprise Linux 10 Security Technical Implementation Guide V-281281CAT IIRHEL 10 must prevent a user from overriding the session lock-delay setting for the graphical user interface.Red Hat Enterprise Linux 10 Security Technical Implementation Guide V-281295CAT IIRHEL 10 must automatically exit interactive command shell user sessions after 15 minutes of inactivity.Red Hat Enterprise Linux 10 Security Technical Implementation Guide V-204398CAT IIThe Red Hat Enterprise Linux operating system must initiate a screensaver after a 15-minute period of inactivity for graphical user interfaces.Red Hat Enterprise Linux 7 Security Technical Implementation Guide V-204399CAT IIThe Red Hat Enterprise Linux operating system must prevent a user from overriding the screensaver lock-delay setting for the graphical user interface.Red Hat Enterprise Linux 7 Security Technical Implementation Guide V-204400CAT IIThe Red Hat Enterprise Linux operating system must prevent a user from overriding the session idle-delay setting for the graphical user interface.Red Hat Enterprise Linux 7 Security Technical Implementation Guide V-204402CAT IIThe Red Hat Enterprise Linux operating system must initiate a session lock for the screensaver after a period of inactivity for graphical user interfaces.Red Hat Enterprise Linux 7 Security Technical Implementation Guide V-204403CAT IIThe Red Hat Enterprise Linux operating system must prevent a user from overriding the screensaver idle-activation-enabled setting for the graphical user interface.Red Hat Enterprise Linux 7 Security Technical Implementation Guide V-204404CAT IIThe Red Hat Enterprise Linux operating system must initiate a session lock for graphical user interfaces when the screensaver is activated.Red Hat Enterprise Linux 7 Security Technical Implementation Guide V-214937CAT IIThe Red Hat Enterprise Linux operating system must prevent a user from overriding the screensaver lock-enabled setting for the graphical user interface.Red Hat Enterprise Linux 7 Security Technical Implementation Guide V-255926CAT IIThe Red Hat Enterprise Linux operating system must have the screen package installed.Red Hat Enterprise Linux 7 Security Technical Implementation Guide V-230352CAT IIRHEL 8 must automatically lock graphical user sessions after 15 minutes of inactivity.Red Hat Enterprise Linux 8 Security Technical Implementation Guide V-230354CAT IIRHEL 8 must prevent a user from overriding the session lock-delay setting for the graphical user interface.Red Hat Enterprise Linux 8 Security Technical Implementation Guide V-244535CAT IIRHEL 8 must initiate a session lock for graphical user interfaces when the screensaver is activated.Red Hat Enterprise Linux 8 Security Technical Implementation Guide V-244538CAT IIRHEL 8 must prevent a user from overriding the session idle-delay setting for the graphical user interface.Red Hat Enterprise Linux 8 Security Technical Implementation Guide V-244539CAT IIRHEL 8 must prevent a user from overriding the screensaver lock-enabled setting for the graphical user interface.Red Hat Enterprise Linux 8 Security Technical Implementation Guide V-258019CAT IIRHEL 9 must be able to initiate directly a session lock for all connection types using smart card when the smart card is removed.Red Hat Enterprise Linux 9 Security Technical Implementation Guide V-258020CAT IIRHEL 9 must prevent a user from overriding the disabling of the graphical user smart card removal action.Red Hat Enterprise Linux 9 Security Technical Implementation Guide V-258021CAT IIRHEL 9 must enable a user session lock until that user re-establishes access using established identification and authentication procedures for graphical user sessions.Red Hat Enterprise Linux 9 Security Technical Implementation Guide V-258022CAT IIRHEL 9 must prevent a user from overriding the screensaver lock-enabled setting for the graphical user interface.Red Hat Enterprise Linux 9 Security Technical Implementation Guide V-258023CAT IIRHEL 9 must automatically lock graphical user sessions after 10 minutes of inactivity.Red Hat Enterprise Linux 9 Security Technical Implementation Guide V-258024CAT IIRHEL 9 must prevent a user from overriding the session idle-delay setting for the graphical user interface.Red Hat Enterprise Linux 9 Security Technical Implementation Guide V-258025CAT IIRHEL 9 must initiate a session lock for graphical user interfaces when the screensaver is activated.Red Hat Enterprise Linux 9 Security Technical Implementation Guide V-258026CAT IIRHEL 9 must prevent a user from overriding the session lock-delay setting for the graphical user interface.Red Hat Enterprise Linux 9 Security Technical Implementation Guide V-258068CAT IIRHEL 9 must automatically exit interactive command shell user sessions after 10 minutes of inactivity.Red Hat Enterprise Linux 9 Security Technical Implementation Guide V-275629CAT IIUbuntu OS must initiate a graphical session lock after 15 minutes of inactivity.Riverbed NetIM OS Security Technical Implementation Guide V-275642CAT IIUbuntu OS must allow users to directly initiate a session lock for all connection types.Riverbed NetIM OS Security Technical Implementation Guide V-254086CAT IIInnoslate must initiate a session lock after a 15-minute period of inactivity.SPEC Innovations Innoslate 4.x Security Technical Implementation Guide V-261363CAT IISLEM 5 must initiate a session lock after a 15-minute period of inactivity.SUSE Linux Enterprise Micro (SLEM) 5 Security Technical Implementation Guide V-217107CAT IIThe SUSE operating system must be able to lock the graphical user interface (GUI).SUSE Linux Enterprise Server 12 Security Technical Implementation Guide V-217108CAT IIIThe SUSE operating system must utilize vlock to allow for session locking.SUSE Linux Enterprise Server 12 Security Technical Implementation Guide V-217109CAT IIThe SUSE operating system must initiate a session lock after a 15-minute period of inactivity for the graphical user interface.SUSE Linux Enterprise Server 12 Security Technical Implementation Guide V-217110CAT IIThe SUSE operating system must initiate a session lock after a 10-minute period of inactivity.SUSE Linux Enterprise Server 12 Security Technical Implementation Guide V-272529CAT IISamsung Android must be configured to lock the display after 15 minutes (or less) of inactivity.Samsung Android 15 MDFPP 3.3 BYOAD Security Technical Implementation Guide V-276560CAT IISamsung Android must be configured to lock the display after 15 minutes (or less) of inactivity.Samsung Android 16 COBO Security Technical Implementation Guide V-276668CAT IISamsung Android must be configured to lock the display after 15 minutes (or less) of inactivity.Samsung Android 16 COPE Security Technical Implementation Guide V-255110CAT IISamsung Android must be configured to enable a screen-lock policy that will lock the display after a period of inactivity.Samsung Android OS 13 with Knox 3.x COBO Security Technical Implementation Guide V-255113CAT IISamsung Android must be configured to lock the display after 15 minutes (or less) of inactivity.Samsung Android OS 13 with Knox 3.x COBO Security Technical Implementation Guide V-255140CAT IISamsung Android must be configured to enable a screen-lock policy that will lock the display after a period of inactivity.Samsung Android OS 13 with Knox 3.x COPE Security Technical Implementation Guide V-255143CAT IISamsung Android must be configured to lock the display after 15 minutes (or less) of inactivity.Samsung Android OS 13 with Knox 3.x COPE Security Technical Implementation Guide V-258632CAT IISamsung Android must be configured to lock the display after 15 minutes (or less) of inactivity.Samsung Android OS 14 with Knox 3.x COBO Security Technical Implementation Guide V-258669CAT IISamsung Android must be configured to lock the display after 15 minutes (or less) of inactivity.Samsung Android OS 14 with Knox 3.x COPE Security Technical Implementation Guide V-268926CAT IISamsung Android must be configured to lock the display after 15 minutes (or less) of inactivity.Samsung Android OS 15 with Knox 3.x COBO Security Technical Implementation Guide V-269025CAT IISamsung Android must be configured to lock the display after 15 minutes (or less) of inactivity.Samsung Android OS 15 with Knox 3.x COPE Security Technical Implementation Guide V-225642CAT IIThe Samsung SDS EMM or platform must be configured to initiate a session lock after a 15-minute period of inactivity.Samsung SDS EMM Security Technical Implementation Guide V-281366CAT IITCMax must initiate a session lock after a 15-minute period of inactivity.Soaring Software Solutions TCMax 9.x Security Technical Implementation Guide V-216337CAT IIGraphical desktop environments provided by the system must automatically lock after 15 minutes of inactivity.Solaris 11 SPARC Security Technical Implementation Guide V-216363CAT IIThe operating system must provide the capability for users to directly initiate session lock mechanisms.Solaris 11 SPARC Security Technical Implementation Guide V-216102CAT IIGraphical desktop environments provided by the system must automatically lock after 15 minutes of inactivity.Solaris 11 X86 Security Technical Implementation Guide V-216126CAT IIThe operating system must provide the capability for users to directly initiate session lock mechanisms.Solaris 11 X86 Security Technical Implementation Guide V-241017CAT IIThe Tanium Server console must be configured to initiate a session lock after a 15-minute period of inactivity.Tanium 7.0 Security Technical Implementation Guide V-234078CAT IIThe Tanium Application Server console must be configured to initiate a session lock after a 15-minute period of inactivity.Tanium 7.3 Security Technical Implementation Guide V-254876CAT IIThe Tanium Application Server console must be configured to initiate a session lock after a 15-minute period of inactivity.Tanium 7.x Application on TanOS Security Technical Implementation Guide V-254897CAT IIMultifactor authentication must be enabled and enforced on the Tanium Server for all access and all accounts.Tanium 7.x Application on TanOS Security Technical Implementation Guide V-253837CAT IIThe Tanium Application Server console must be configured to initiate a session lock after a 15-minute period of inactivity.Tanium 7.x Security Technical Implementation Guide V-241109CAT IITrend Deep Security must initiate a session lock after a 15-minute period of inactivity.Trend Micro Deep Security 9.x Security Technical Implementation Guide V-252948CAT IITOSS must retain a user's session lock until that user reestablishes access using established identification and authentication procedures.Tri-Lab Operating System Stack (TOSS) 4 Security Technical Implementation Guide V-252949CAT IITOSS must automatically lock graphical user sessions after 10 minutes of inactivity.Tri-Lab Operating System Stack (TOSS) 4 Security Technical Implementation Guide V-282372CAT IITOSS 5 must directly initiate a session lock for all connection types when the smart card is removed.Tri-Lab Operating System Stack (TOSS) 5 Security Technical Implementation Guide V-282373CAT IITOSS 5 must prevent a user from overriding the disabling of the graphical user smart card removal action.Tri-Lab Operating System Stack (TOSS) 5 Security Technical Implementation Guide V-282374CAT IITOSS 5 must enable a user session lock until that user reestablishes access using established identification and authentication procedures for graphical user sessions.Tri-Lab Operating System Stack (TOSS) 5 Security Technical Implementation Guide V-282375CAT IITOSS 5 must prevent a user from overriding the screensaver lock-enabled setting for the graphical user interface.Tri-Lab Operating System Stack (TOSS) 5 Security Technical Implementation Guide