SRG-OS-000028-GPOS-00009 Controls

STIG IDVersionTitleProduct
ALMA-09-002000V1R1AlmaLinux OS 9 must be able to directly initiate a session lock for all connection types using smart card when the smart card is removed.
ALMA-09-002110V1R1AlmaLinux OS 9 must prevent a user from overriding the disabling of the graphical user smart card removal action.
UBTU-18-010401V2R15The Ubuntu operating system must retain a users session lock until that user reestablishes access using established identification and authentication procedures.
UBTU-20-010004V1R9The Ubuntu operating system must retain a user's session lock until that user reestablishes access using established identification and authentication procedures.
UBTU-24-200040V1R1Ubuntu 24.04 LTS must retain a user's session lock until the user reestablishes access using established identification and authentication procedures.
WN22-SO-000120V2R1Windows Server 2022 machine inactivity limit must be set to 15 minutes or less, locking the system with the screen saver.
WN10-CC-000365V2R8Windows 10 must be configured to prevent Windows apps from being activated by voice while the system is locked.
APPL-15-000001V1R1The macOS system must prevent Apple Watch from terminating a session lock.
APPL-15-000002V1R1The macOS system must enforce screen saver password.
APPL-15-000003V1R1The macOS system must enforce session lock no more than five seconds after screen saver is started.
APPL-15-002090V1R1The macOS system must disable TouchID for unlocking the device.
APPL-14-000001V2R1The macOS system must prevent Apple Watch from terminating a session lock.
APPL-14-000002V2R1The macOS system must enforce screen saver password.
APPL-14-000003V2R1The macOS system must enforce session lock no more than five seconds after screen saver is started.
APPL-14-002090V2R1The macOS system must disable TouchID for unlocking the device.
WN11-CC-000365V2R1Windows 11 must be configured to prevent Windows apps from being activated by voice while the system is locked.
UBTU-22-271020V2R1Ubuntu 22.04 LTS must retain a user's session lock until that user reestablishes access using established identification and authentication procedures.
RHEL-08-020030V1R9RHEL 8 must enable a user session lock until that user re-establishes access using established identification and authentication procedures for graphical user sessions.
RHEL-08-020040V1R9RHEL 8 must enable a user session lock until that user re-establishes access using established identification and authentication procedures for command line sessions.
RHEL-08-020041V1R9RHEL 8 must ensure session control is automatically started at shell initialization.
RHEL-08-020042V1R9RHEL 8 must prevent users from disabling session control mechanisms.
RHEL-08-020050V1R9RHEL 8 must be able to initiate directly a session lock for all connection types using smartcard when the smartcard is removed.
RHEL-08-020039V1R9RHEL 8 must have the tmux package installed.
RHEL-07-010060V3R8The Red Hat Enterprise Linux operating system must enable a user session lock until that user re-establishes access using established identification and authentication procedures.
RHEL-09-271045V2R1RHEL 9 must be able to initiate directly a session lock for all connection types using smart card when the smart card is removed.
RHEL-09-271050V2R1RHEL 9 must prevent a user from overriding the disabling of the graphical user smart card removal action.
RHEL-09-271055V2R1RHEL 9 must enable a user session lock until that user re-establishes access using established identification and authentication procedures for graphical user sessions.
RHEL-09-271060V2R1RHEL 9 must prevent a user from overriding the screensaver lock-enabled setting for the graphical user interface.
RHEL-09-412020V2R1RHEL 9 must enable a user session lock until that user re-establishes access using established identification and authentication procedures for command line sessions.
OL09-00-002123V1R1OL 9 must prevent a user from overriding the screensaver lock-enabled setting for the graphical user interface.
OL09-00-002126V1R1OL 9 must prevent a user from overriding the disabling of the graphical user smart card removal action.
OL09-00-002160V1R1OL 9 must be able to directly initiate a session lock for all connection types using smart card when the smart card is removed.
SLES-15-010100V1R9The SUSE operating system must be able to lock the graphical user interface (GUI).
SLES-15-010110V1R9The SUSE operating system must utilize vlock to allow for session locking.
SLES-12-010060V2R13The SUSE operating system must be able to lock the graphical user interface (GUI).
SLES-12-010070V2R13The SUSE operating system must utilize vlock to allow for session locking.
OL07-00-010060V2R14The Oracle Linux operating system must enable a user session lock until that user re-establishes access using established identification and authentication procedures.
WN19-SO-000120V2R8Windows Server 2019 machine inactivity limit must be set to 15 minutes or less, locking the system with the screen saver.
OL08-00-020030V1R9OL 8 must enable a user session lock until that user reestablishes access using established identification and authentication procedures for graphical user sessions.
OL08-00-020039V1R9OL 8 must have the tmux package installed.
OL08-00-020040V1R9OL 8 must enable a user session lock until that user re-establishes access using established identification and authentication procedures for command line sessions.
OL08-00-020041V1R9OL 8 must ensure session control is automatically started at shell initialization.
OL08-00-020042V1R9OL 8 must prevent users from disabling session control mechanisms.
OL08-00-020043V1R9OL 8 must enable a user session lock until that user reestablishes access using established identification and authentication procedures for command line sessions.
OL08-00-020050V1R9OL 8 must be able to initiate directly a session lock for all connection types using smartcard when the smartcard is removed.
This website is not created by, run, approved, or endorsed by the U.S. Department of Defense. Use at your own risk. This website is created by open-source software.