Join GitHub today
GitHub is home to over 40 million developers working together to host and review code, manage projects, and build software together.Sign up
[CCE-28300-2] idle_time_for_screen_saver #2
Parameters: N / A
Reference: N / A
Rationale: N / A
SOHO: 900 seconds
Additional Mechanism: N / A
OVAL Content: N / A
plink53@… originally submitted this as comment:3:ticket:1
I'd like to add NIST SP800-53 rev4 and CNSSI-1253 rev2 (3/2012) references to these and other content.
AC-11 refers to session lock, preventing further access to the system by initiating a session lock after [Assignment:
AC-11 has different requirements depending on priority and baseline allocation (old CIA values). For low it's not required, for medium and high it also requires the use of a concealing screensaver. This references OMB Memorandum 06-16.
CNSSI-1253 (NSS systems only) specifies the time to be no more than 30 minutes.
There are other governing body's references and probably a better way to listing them for future use. I imagine we're just trying to get the tests configured right now but each of the tests could/do have a government requirement on their operation.
We've always used 10 minutes for the screen saver, now it has been expanded up to 30 minutes by CNSS. This value is up to the discretion of the organization's DAA and/or specific policy. Will there be an easy way to specify other setting values?
dubs@… originally submitted this as comment:4:ticket:1
In this case though there isn't a user session to secure. If no one has logged in yet there isn't a session to secure. Screensaver over login is simply for displaying information or preventing screen burn on CRT displays.