Graphical desktop environments provided by the system must automatically lock after 15 minutes of inactivity and the system must require users to re-authenticate to unlock the environment.

From AIX 6.1 SECURITY TECHNICAL IMPLEMENTATION GUIDE

Associated with IA controls: PESL-1

Associated with: CCI-000057

SV-39096r1_rule Graphical desktop environments provided by the system must automatically lock after 15 minutes of inactivity and the system must require users to re-authenticate to unlock the environment.

Vulnerability discussion

If graphical desktop sessions do not lock the session after 15 minutes of inactivity, requiring re-authentication to resume operations, the system or individual data could be compromised by an alert intruder who could exploit the oversight. This requirement applies to graphical desktop environments provided by the system to locally attached displays and input devices, as well as, to graphical desktop environments provided to remote systems, including thin clients.

Check content

Log into a graphical desktop environment provided by the system. Allow the session to remain idle for 15 minutes. If the desktop session is not automatically locked after 15 minutes, or does not require re-authentication to resume operations, this is a finding.

Fix text

Consult vendor documentation to determine the settings required for the system to lock graphical desktop environments. Configure the system to lock graphical desktop environments after 15 minutes of inactivity and require re-authentication to resume operations.

Pro Tips

Lavender hyperlinks in small type off to the right (of CSS class id, if you view the page source) point to globally unique URIs for each document and item. Copy the link location and paste anywhere you need to talk unambiguously about these things.

You can obtain data about documents and items in other formats. Simply provide an HTTP header Accept: text/turtle or Accept: application/rdf+xml.