Systems are configured with a screen lock that: • activates after a maximum of 15 minutes of user inactivity, or when manually activated by users • conceals all content on the screen • ensures that the screen does not enter a power saving state before the screen lock is activated • requires users to re-authenticate using all authentication factors to unlock the system • denies users the ability to disable the screen locking mechanism.
Topic
Screen locking
Applicable to
Non Classified, Official, Protected, Secret, Top Secret
History
Mar 2025
Systems are configured with a screen lock that:
• activates after a maximum of 15 minutes of user inactivity, or when manually activated by users
• conceals all content on the screen
• ensures that the screen does not enter a power saving state before the screen lock is activated
• requires users to re-authenticate using all authentication factors to unlock the system
• denies users the ability to disable the screen locking mechanism.
A new control was added recommending that systems are configured with a screen lock that […]. This control was split from ISM-0428 with the addition of a new recommendation that users use all authentication factors when re-authenticating to unlock a system.