CIS Microsoft Windows 10 Enterprise Release 1909 Benchmark

Remediation:

To establish the recommended configuration via GP, set the following UI path to Enabled :

User Configuration\Policies\Administrative Templates\Control Panel\Personalization\Enable screen saver

Note: This Group Policy path may not exist by default. It is provided by the Group Policy template ControlPanelDisplay.admx/adml that is included with the Microsoft Windows 7 & Server 2008 R2 Administrative Templates (or newer).

Impact:

A screen saver runs, provided that the following two conditions hold: First, a valid screen saver on the client is specified through the Force specific screen saver setting (Rule 19.1.3.2) or through Control Panel on the client computer. Second, the Screen saver timeout setting (Rule 19.1.3.4) is set to a nonzero value through the setting or through Control Panel.

Default Value:

Enabling/disabling the screen saver is managed locally by the user.

References:

1. CCE-33164-5

CIS Controls:

Version 6

16.5 Ensure Workstation Screen Locks Are Configured Configure screen locks on systems to limit access to unattended workstations.

Version 7

16.11 LockWorkstation Sessions After Inactivity Automatically lockworkstation sessions after a standard period of inactivity.

1194 | P a g e