SRG-OS-000028-GPOS-00009 Controls

STIG ID Version Title Product
ALMA-09-002000 V1R2 AlmaLinux OS 9 must be able to directly initiate a session lock for all connection types using smart card when the smart card is removed.
ALMA-09-002110 V1R2 AlmaLinux OS 9 must prevent a user from overriding the disabling of the graphical user smart card removal action.
APPL-14-000001 V2R3 The macOS system must prevent Apple Watch from terminating a session lock.
APPL-14-000002 V2R3 The macOS system must enforce screen saver password.
APPL-14-000003 V2R3 The macOS system must enforce session lock no more than five seconds after screen saver is started.
APPL-14-002090 V2R3 The macOS system must disable TouchID for unlocking the device.
APPL-15-000001 V1R3 The macOS system must prevent Apple Watch from terminating a session lock.
APPL-15-000002 V1R3 The macOS system must enforce screen saver password.
APPL-15-000003 V1R3 The macOS system must enforce session lock no more than five seconds after screen saver is started.
APPL-15-002090 V1R3 The macOS system must disable TouchID for unlocking the device.
OL07-00-010060 V3R2 The Oracle Linux operating system must enable a user session lock until that user re-establishes access using established identification and authentication procedures.
OL08-00-020030 V2R4 OL 8 must enable a user session lock until that user reestablishes access using established identification and authentication procedures for graphical user sessions.
OL08-00-020043 V2R4 OL 8 must enable a user session lock until that user reestablishes access using established identification and authentication procedures for command line sessions.
OL08-00-020050 V2R4 OL 8 must be able to initiate directly a session lock for all connection types using smartcard when the smartcard is removed.
OL09-00-002123 V1R1 OL 9 must prevent a user from overriding the screensaver lock-enabled setting for the graphical user interface.
OL09-00-002126 V1R1 OL 9 must prevent a user from overriding the disabling of the graphical user smart card removal action.
OL09-00-002160 V1R1 OL 9 must be able to directly initiate a session lock for all connection types using smart card when the smart card is removed.
RHEL-07-010060 V3R9 The Red Hat Enterprise Linux operating system must enable a user session lock until that user re-establishes access using established identification and authentication procedures.
RHEL-08-020030 V2R3 RHEL 8 must enable a user session lock until that user re-establishes access using established identification and authentication procedures for graphical user sessions.
RHEL-08-020050 V2R3 RHEL 8 must be able to initiate directly a session lock for all connection types using smartcard when the smartcard is removed.
RHEL-09-271045 V2R4 RHEL 9 must be able to initiate directly a session lock for all connection types using smart card when the smart card is removed.
RHEL-09-271050 V2R4 RHEL 9 must prevent a user from overriding the disabling of the graphical user smart card removal action.
RHEL-09-271055 V2R4 RHEL 9 must enable a user session lock until that user re-establishes access using established identification and authentication procedures for graphical user sessions.
RHEL-09-271060 V2R4 RHEL 9 must prevent a user from overriding the screensaver lock-enabled setting for the graphical user interface.
SLES-12-010060 V3R2 The SUSE operating system must be able to lock the graphical user interface (GUI).
SLES-12-010070 V3R2 The SUSE operating system must utilize vlock to allow for session locking.
SLES-15-010100 V2R4 The SUSE operating system must be able to lock the graphical user interface (GUI).
SLES-15-010110 V2R4 The SUSE operating system must utilize vlock to allow for session locking.
UBTU-18-010401 V2R15 The Ubuntu operating system must retain a users session lock until that user reestablishes access using established identification and authentication procedures.
UBTU-20-010004 V2R1 The Ubuntu operating system must retain a user's session lock until that user reestablishes access using established identification and authentication procedures.
UBTU-22-271020 V2R4 Ubuntu 22.04 LTS must retain a user's session lock until that user reestablishes access using established identification and authentication procedures.
UBTU-24-200040 V1R1 Ubuntu 24.04 LTS must retain a user's session lock until the user reestablishes access using established identification and authentication procedures.
WN10-CC-000365 V3R4 Windows 10 must be configured to prevent Windows apps from being activated by voice while the system is locked.
WN11-CC-000365 V2R3 Windows 11 must be configured to prevent Windows apps from being activated by voice while the system is locked.
WN19-SO-000120 V3R4 Windows Server 2019 machine inactivity limit must be set to 15 minutes or less, locking the system with the screen saver.
WN22-SO-000120 V2R4 Windows Server 2022 machine inactivity limit must be set to 15 minutes or less, locking the system with the screen saver.