CIS Microsoft Windows 10 Enterprise Release 1909 Benchmark

19.1.3.3 (L1) Ensure 'Password protect the screen saver' is set to 'Enabled' (Scored)

ProfileApplicability:

 Level 1 (L1) - Corporate/Enterprise Environment (general use)

Description:

This setting determines whether screen savers used on the computer are password protected.

The recommended state for this setting is: Enabled .

Rationale:

If a user forgets to lock their computer when they walk away, it is possible that a passerby will hijack it. Configuring a timed screen saver with password lock will help to protect against these hijacks.

Audit:

Navigate to the UI Path articulated in the Remediation section and confirm it is set as prescribed. This group policy setting is backed by the following registry location:

HKEY_USERS\[USER SID]\Software\Policies\Microsoft\Windows\Control Panel\Desktop:ScreenSaverIsSecure

Remediation:

To establish the recommended configuration via GP, set the following UI path to Enabled :

User Configuration\Policies\Administrative Templates\Control Panel\Personalization\Password protect the screen saver

Note: This Group Policy path is provided by the Group Policy template ControlPanelDisplay.admx/adml that is included with all versions of the Microsoft Windows Administrative Templates.

1197 | P a g e