CIS Microsoft Windows 10 Enterprise Release 1909 Benchmark

19.1.3.4 (L1) Ensure 'Screen saver timeout' is set to 'Enabled: 900 seconds or fewer, but not 0' (Scored)

ProfileApplicability:

 Level 1 (L1) - Corporate/Enterprise Environment (general use)

Description:

This setting specifies how much user idle time must elapse before the screen saver is launched.

The recommended state for this setting is: Enabled: 900 seconds or fewer, but not 0 .

Note: This setting has no effect under the following circumstances:

The wait time is set to zero.



 The "Enable Screen Saver" setting is disabled.  A valid screen existing saver is not selected manually or via the "Screen saver executable name" setting

Rationale:

If a user forgets to lock their computer when they walk away, it is possible that a passerby will hijack it. Configuring a timed screen saver with password lock will help to protect against these hijacks.

Audit:

Navigate to the UI Path articulated in the Remediation section and confirm it is set as prescribed. This group policy setting is backed by the following registry location:

HKEY_USERS\[USER SID]\Software\Policies\Microsoft\Windows\Control Panel\Desktop:ScreenSaveTimeOut

1199 | P a g e