{"description": "To activate the screensaver in the GNOME3 desktop after a period of inactivity,\nadd or set <tt>idle-activation-enabled</tt> to <tt>true</tt> in\n<tt>/etc/dconf/db/local.d/00-security-settings</tt>. For example:\n<pre>[org/gnome/desktop/screensaver]\nidle-activation-enabled=true</pre>\nOnce the setting has been added, add a lock to\n<tt>/etc/dconf/db/local.d/locks/00-security-settings-lock</tt> to prevent user modification.\nFor example:\n<pre>/org/gnome/desktop/screensaver/idle-activation-enabled</pre>\nAfter the settings have been set, run <tt>dconf update</tt>.", "rationale": "A session time-out lock is a temporary action taken when a user stops work and moves away from the immediate\nphysical vicinity of the information system but does not logout because of the temporary nature of the absence.\nRather than relying on the user to manually lock their operating system session prior to vacating the vicinity,\nGNOME desktops can be configured to identify when a user's session has idled and take action to initiate the\nsession lock.\n<br /><br />\nEnabling idle activation of the screensaver ensures the screensaver will\nbe activated after the idle delay.  Applications requiring continuous,\nreal-time screen display (such as network management products) require the\nlogin session does not have administrator rights and the display station is located in a\ncontrolled-access area.", "severity": "medium", "references": {"cis-csc": ["1", "12", "15", "16"], "cjis": ["5.5.5"], "cobit5": ["DSS05.04", "DSS05.10", "DSS06.10"], "cui": ["3.1.10"], "isa-62443-2009": ["4.3.3.6.1", "4.3.3.6.2", "4.3.3.6.3", "4.3.3.6.4", "4.3.3.6.5", "4.3.3.6.6", "4.3.3.6.7", "4.3.3.6.8", "4.3.3.6.9"], "isa-62443-2013": ["SR 1.1", "SR 1.10", "SR 1.2", "SR 1.5", "SR 1.7", "SR 1.8", "SR 1.9"], "iso27001-2013": ["A.18.1.4", "A.9.2.1", "A.9.2.4", "A.9.3.1", "A.9.4.2", "A.9.4.3"], "nist": ["CM-6(a)", "AC-11(a)"], "nist-csf": ["PR.AC-7"], "pcidss": ["Req-8.1.8"], "srg": ["SRG-OS-000029-GPOS-00010"], "pcidss4": ["8.2.8", "8.2"]}, "control_references": {"pcidss4": ["8.2.8", "8.2"]}, "components": [], "identifiers": {}, "ocil_clause": "idle-activation-enabled is not enabled or configured", "ocil": "To check the screensaver mandatory use status, run the following command:\n<pre>$ gsettings get org.gnome.desktop.screensaver idle-activation-enabled</pre>\nIf properly configured, the output should be <tt>true</tt>.\nTo ensure that users cannot disable the screensaver idle inactivity setting, run the following:\n<pre>$ grep idle-activation-enabled /etc/dconf/db/local.d/locks/*</pre>\nIf properly configured, the output should be <tt>/org/gnome/desktop/screensaver/idle-activation-enabled</tt>", "oval_external_content": null, "fixtext": "", "checktext": "", "vuldiscussion": "", "srg_requirement": "", "warnings": [], "conflicts": [], "requires": [], "policy_specific_content": {}, "platform": null, "platforms": [], "sce_metadata": {}, "inherited_platforms": ["package[gdm]"], "cpe_platform_names": [], "inherited_cpe_platform_names": ["package_gdm"], "bash_conditional": null, "fixes": {}, "title": "Enable GNOME3 Screensaver Idle Activation", "definition_location": "/aptdata/openscap/scap-security-guide/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_idle_activation_enabled/rule.yml", "template": null}