CIS Microsoft Windows 10 Enterprise Release 1909 Benchmark

Remediation:

To establish the recommended configuration via GP, set the following UI path to Disabled :

Computer Configuration\Policies\Administrative Templates\System\Logon\Turn on convenience PIN sign-in

Note: This Group Policy path may not exist by default. It is provided by the Group Policy template CredentialProviders.admx/adml that is included with the Microsoft Windows 8.0 & Server 2012 (non-R2) Administrative Templates (or newer). Note #2: In older Microsoft Windows Administrative Templates, this setting was initially named Turn on PIN sign-in , but it was renamed starting with the Windows 10 Release 1511 Administrative Templates.

Impact:

None - this is the default behavior.

Default Value:

Disabled. (A domain user can't set up and use a convenience PIN.)

References:

1. CCE-35095-9

CIS Controls:

Version 6

16.5 Ensure Workstation Screen Locks Are Configured Configure screen locks on systems to limit access to unattended workstations.

Version 7

16.11 LockWorkstation Sessions After Inactivity Automatically lockworkstation sessions after a standard period of inactivity.

715 | P a g e