{"description": "If not already configured, ensure that users cannot change GNOME3 screensaver lock settings\nby adding <pre>/org/gnome/desktop/screensaver/idle-activation-enabled</pre>\nto <tt>/etc/dconf/db/local.d/00-security-settings</tt>.\nFor example:\n<pre>/org/gnome/desktop/screensaver/idle-activation-enabled</pre>\nAfter the settings have been set, run <tt>dconf update</tt>.", "rationale": "A session lock is a temporary action taken when a user stops work and moves away from the immediate physical vicinity\nof the information system but does not want to logout because of the temporary nature of the absence.", "severity": "medium", "references": {"cis-csc": ["1", "12", "15", "16"], "cjis": ["5.5.5"], "cobit5": ["DSS05.04", "DSS05.10", "DSS06.10"], "cui": ["3.1.10"], "isa-62443-2009": ["4.3.3.6.1", "4.3.3.6.2", "4.3.3.6.3", "4.3.3.6.4", "4.3.3.6.5", "4.3.3.6.6", "4.3.3.6.7", "4.3.3.6.8", "4.3.3.6.9"], "isa-62443-2013": ["SR 1.1", "SR 1.10", "SR 1.2", "SR 1.5", "SR 1.7", "SR 1.8", "SR 1.9"], "iso27001-2013": ["A.18.1.4", "A.9.2.1", "A.9.2.4", "A.9.3.1", "A.9.4.2", "A.9.4.3"], "nist": ["CM-6(a)"], "nist-csf": ["PR.AC-7"], "pcidss": ["Req-8.1.8"], "srg": ["SRG-OS-000029-GPOS-00010"]}, "control_references": {}, "components": [], "identifiers": {}, "ocil_clause": "idle-activation-enabled is not locked", "ocil": "To ensure that users cannot disable the screensaver idle inactivity setting, run the following:\n<pre>$ grep idle-activation-enabled /etc/dconf/db/local.d/locks/*</pre>\nIf properly configured, the output should be <tt>/org/gnome/desktop/screensaver/idle-activation-enabled</tt>", "oval_external_content": null, "fixtext": "", "checktext": "", "vuldiscussion": "", "srg_requirement": "", "warnings": [], "conflicts": [], "requires": [], "policy_specific_content": {}, "platform": null, "platforms": [], "sce_metadata": {}, "inherited_platforms": ["package[gdm]"], "cpe_platform_names": [], "inherited_cpe_platform_names": ["package_gdm"], "bash_conditional": null, "fixes": {}, "title": "Ensure Users Cannot Change GNOME3 Screensaver Idle Activation", "definition_location": "/aptdata/openscap/scap-security-guide/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_idle_activation_locked/rule.yml", "template": null}