:

16.11: Lock Workstation Sessions After Inactivity

Sub-control 16.11 states that you must automatically lock workstation sessions after a standard period of inactivity.

Asset Type	Security Function	Implementation Groups
Users	Protect	1, 2, 3

Dependencies

Sub-control 1.4: Maintain Detailed Asset Inventory
Sub-control 1.5: Maintain Asset Inventory Information
Sub-control 5.1: Establish Secure Configurations

Inputs

List of workstations with locking: A list of workstations which have enabled automatic workstation locking
List of workstations: A list of all workstations.
Workstation configuration policy: The workstation configuration policy that establishes the organization’s workstation locking time threshold.

Operations

For each workstation with locking enabled, collect the locking time threshold.
Collect the list of workstations whose locking time threshold exceeds the value specified by I3.

Measures

Measure	Definition
M1 = List of Workstations	A list of all systems discovered using Tenable Security Center and checked with audit files.
M2 = Count of items in M1	A count of the total number of items in M1.
M3 = List of workstations with automatic workstation locking enabled	A list all of workstations with automatic workstation locking enabled.
M4 = Count of items in M3	A count of the total number of items in M3.
M5 = List of appropriately configured workstations	A list of all systems with the appropriate benchmark configured correctly.
M6 = Count of items in M5	A count of the total number of items in M5.
M7 = List of inappropriately configured workstations	A list of all systems with the appropriate benchmark configured incorrectly.
M8 = Count of items in M7	A count of the total number of items in M7.

Metrics

Misconfigured Workstations

Metric	Calculation
The percentage of workstations with automatic locking enabled that are configured within the locking time threshold.	M6 / M2

Unconfigured Workstations

Metric	Calculation
The number of workstations that do not have automatic locking enabled.	M2 - M4

Copyright © 2023 Tenable, Inc. All rights reserved. Tenable, Tenable Nessus, Tenable Lumin, Assure, and the Tenable logo are registered trademarks of Tenable, Inc. or its affiliates. All other products or services are trademarks of their respective owners.