Screen Locking Standard

Purpose

A password-protected screen saver locks the desktop after a set amount of time with no activity. By requiring a user to sign in when they return, it minimizes the risk of an unauthorized person using an active session while the authorized user is away. A password-enabled screen saver helps to protect the information displayed on your screen, stored on your computer's hard drive, and the information that is accessible from your computer when you walk away from the computer.

Application

Computers assigned to individual faculty, staff, graduate assistants, teaching assistants, and student employees will have the password-protected screen saver enabled.

Exceptions

Classroom instructor PCs or auditorium or conference machine PCs that drive projection systems that need to display data during instruction or presentations.

Digital signage and kiosk systems.

The lock out time for machines that contain highly sensitive information and or in high traffic areas should be evaluated as some situations may warrant a lock out time that is well below the 15 minute standard.

Other exceptions are very rarely granted as screen locking timeouts are a standard security measure. Perceived inconvenience is not sufficient grounds for removal. We are able to exempt computers from the timeout policy only in circumstances where: physical security for the space in which the computer is located is of such high quality as to make access by unauthorized users effectively impossible; or application of the timeout policy to the particular computer is materially detrimental to work activities and makes work processes effectively impossible.

Exceptions can be requested by submitting a Security Standard Exemption service request in the OIT Service Catalog.

Standard

The Office of Information Technology has set the standard for screen saver lockout which is 15 minutes. After 15 minutes of no activity, the screen saver will be invoked. No transparent screensavers are allowed.

All University-owned computers should be configured to have a password-enabled screen saver. This security lockout feature should automatically initiate after the computer remains idle from user interaction after the standard, predefined time period. The user must then re-enter their password to gain access to the computer. The general best practice for enabling automatic lockout of a screen saver is to set the timeout so that it can provide adequate security and not be inconvenient to the user.

 

Was this helpful?
0 reviews

Details

Article ID: 85670
Created
Tue 8/27/19 12:36 PM
Modified
Tue 7/27/21 10:56 AM