Rule ID
SV-282379r1200117_rule
Version
V1R1
CCIs
A session lock is a temporary action taken when a user stops work and moves away from the immediate physical vicinity of the information system but does not want to log out because of the temporary nature of the absence.
Verify TOSS 5 initiates a session lock for graphical user interfaces when the screensaver is activated using the following command: Note: This requirement assumes the use of the TOSS 5 default graphical user interface—the GNOME desktop environment. If the system does not have a graphical user interface installed, this requirement is not applicable. $ gsettings get org.gnome.desktop.screensaver lock-delay uint32 5 If the "uint32" setting is not "5" or less or is missing, this is a finding.
Configure TOSS 5 to initiate a session lock for graphical user interfaces when a screensaver is activated. Create a database to contain the systemwide screensaver settings (if it does not already exist) using the following command: Note: The example below is using the database "local" for the system, so if the system is using another database in "/etc/dconf/profile/user", the file should be created under the appropriate subdirectory. $ sudo touch /etc/dconf/db/local.d/00-screensaver [org/gnome/desktop/screensaver] lock-delay=uint32 5 The "uint32" must be included along with the integer key values as shown. Update the system databases: $ sudo dconf update