Standards Group:
YALE-MSS-7: Data Protection
YALE-MSS-7.9: Use inactivity locks
Low Risk Endpoint
Not Required
Moderate Risk Endpoint
Required
High Risk Endpoint
Required
Low Risk Server
Not Required
Moderate Risk Server
Required
High Risk Server
Required
Low Risk Mobile Device
Not Required
Moderate Risk Mobile Device
Required
High Risk Mobile Device
Required
Low Risk Network Printer
Not Required
Moderate Risk Network Printer
Required
High Risk Network Printer
Required
Details
Use an inactivity screen lock that automatically disables access and requires a password to unlock. The system must lock after 45 minutes or less of inactivity.
If the system is located in a Critical IT Space that implements the physical security controls outlined in Yale-MSS-4.1, the system does not need a screen lock and no policy exception is required.