Standard for Device Screen Lock

Purpose

A password-protected screen saver locks the computer system or device after a set amount of time with no activity. By requiring a user to sign in when they return, it minimizes the risk of an unauthorized person using an active session while the authorized user is away. A password-enabled screen saver helps to protect the information displayed on your screen, stored on your computer system or device, and the information that is accessible from your computer system or device when left unattended.

Application

Computer system or devices assigned to individual faculty, staff, graduate assistants, teaching assistants, and student employees will have the password-protected screen saver enabled.

Exceptions

Classroom instructor PCs or auditorium or conference machine PCs that drive projection systems that need to display data during instruction or presentations.

Digital signage and kiosk systems.

The lock out time for machines that contain highly sensitive information and or in high traffic areas should be evaluated as some situations may warrant a lock out time that is well below the 15 minute standard.

Other exceptions are very rarely granted as screen locking timeouts are a standard security measure. Perceived inconvenience is not sufficient grounds for removal. We are able to exempt computers from the timeout policy only in circumstances where: physical security for the space in which the computer is located is of such high quality as to make access by unauthorized users effectively impossible; or application of the timeout policy to the particular computer is materially detrimental to work activities and makes work processes effectively impossible.

Exceptions can be requested by submitting a Security Standard Exemption service request in the OIT Service Catalog.

Standard

The Office of Information Technology has set the standard for screen saver lockout which is 15 minutes. After 15 minutes of no activity, the screen saver will be invoked. No transparent screensavers are allowed.

All University-owned computer system or device should be configured to have a password-enabled screen saver. This security lockout feature should automatically initiate after the computer system or device remains idle from user interaction after the standard, predefined time period. The user must then re-enter their password to gain access to the computer system or device. The general best practice for enabling automatic lockout of a screen saver is to set the timeout so that it can provide adequate security and not be inconvenient to the user.

Details

Article ID: 85670
Created
Tue 8/27/19 12:36 PM
Modified
Wed 7/6/22 9:13 AM