
STIGhub


CCI-000058

Definition

The information system provides the capability for users to directly initiate session lock mechanisms.

Parent Control

AC-11 | Device Lock | Access Control

Linked STIG Checks (24)

  • V-252440 | CAT II | The macOS system must be configured to lock the user session when a smart token is removed. | Apple macOS 12 (Monterey) Security Technical Implementation Guide
  • V-257146 | CAT II | The macOS system must be configured to lock the user session when a smart token is removed. | Apple macOS 13 (Ventura) Security Technical Implementation Guide
  • V-219304 | CAT II | The Ubuntu operating system must be configured for users to directly initiate a session lock for all connection types. | Canonical Ubuntu 18.04 LTS Security Technical Implementation Guide
  • V-238200 | CAT II | The Ubuntu operating system must allow users to directly initiate a session lock for all connection types. | Canonical Ubuntu 20.04 LTS Security Technical Implementation Guide
  • V-260553 | CAT II | Ubuntu 22.04 LTS must allow users to directly initiate a session lock for all connection types. | Canonical Ubuntu 22.04 LTS Security Technical Implementation Guide
  • V-274873 | CAT II | Ubuntu 24.04 LTS must prevent a user from overriding the disabling of the graphical user smart card removal action. | Canonical Ubuntu 24.04 LTS Security Technical Implementation Guide
  • V-215211 | CAT II | AIX must be configured to allow users to directly initiate a session lock for all connection types. | IBM AIX 7.x Security Technical Implementation Guide
  • V-254121 | CAT II | Nutanix AOS must disconnect a session after 15 minutes of idle time for all connection types. | Nutanix AOS 5.20.x OS Security Technical Implementation Guide
  • V-221657 | CAT II | The Oracle Linux operating system must enable a user session lock until that user re-establishes access using established identification and authentication procedures. | Oracle Linux 7 Security Technical Implementation Guide
  • V-248671 | CAT II | OL 8 must enable a user session lock until that user reestablishes access using established identification and authentication procedures for graphical user sessions. | Oracle Linux 8 Security Technical Implementation Guide
  • V-248678 | CAT II | OL 8 must enable a user session lock until that user reestablishes access using established identification and authentication procedures for command line sessions. | Oracle Linux 8 Security Technical Implementation Guide
  • V-248679 | CAT II | OL 8 must be able to initiate directly a session lock for all connection types using smartcard when the smartcard is removed. | Oracle Linux 8 Security Technical Implementation Guide
  • V-258019 | CAT II | RHEL 9 must be able to initiate directly a session lock for all connection types using smart card when the smart card is removed. | Red Hat Enterprise Linux 9 Security Technical Implementation Guide
  • V-258020 | CAT II | RHEL 9 must prevent a user from overriding the disabling of the graphical user smart card removal action. | Red Hat Enterprise Linux 9 Security Technical Implementation Guide
  • V-258021 | CAT II | RHEL 9 must enable a user session lock until that user re-establishes access using established identification and authentication procedures for graphical user sessions. | Red Hat Enterprise Linux 9 Security Technical Implementation Guide
  • V-258022 | CAT II | RHEL 9 must prevent a user from overriding the screensaver lock-enabled setting for the graphical user interface. | Red Hat Enterprise Linux 9 Security Technical Implementation Guide
  • V-275642 | CAT II | Ubuntu OS must allow users to directly initiate a session lock for all connection types. | Riverbed NetIM OS Security Technical Implementation Guide
  • V-261276 | CAT II | SLEM 5 must use vlock to allow for session locking. | SUSE Linux Enterprise Micro (SLEM) 5 Security Technical Implementation Guide
  • V-217107 | CAT II | The SUSE operating system must be able to lock the graphical user interface (GUI). | SUSE Linux Enterprise Server 12 Security Technical Implementation Guide
  • V-217108 | CAT III | The SUSE operating system must utilize vlock to allow for session locking. | SUSE Linux Enterprise Server 12 Security Technical Implementation Guide
  • V-216363 | CAT II | The operating system must provide the capability for users to directly initiate session lock mechanisms. | Solaris 11 SPARC Security Technical Implementation Guide
  • V-216126 | CAT II | The operating system must provide the capability for users to directly initiate session lock mechanisms. | Solaris 11 X86 Security Technical Implementation Guide
  • V-254897 | CAT II | Multifactor authentication must be enabled and enforced on the Tanium Server for all access and all accounts. | Tanium 7.x Application on TanOS Security Technical Implementation Guide
  • V-252948 | CAT II | TOSS must retain a user's session lock until that user reestablishes access using established identification and authentication procedures. | Tri-Lab Operating System Stack (TOSS) 4 Security Technical Implementation Guide