NOTE: Your company may have alternate specific guidance for how you should configure auto-lock - please check with your IT and compliance teams.
HERE'S WHY
Leaving your workstation unattended is a potential security risk to the company. A screensaver that auto-locks your machine is an important control against security threats.
HERE'S HOW
Let's configure your workstation to auto-lock when your screensaver is activated.
As of 9/7/2021 We've updated this test to confirm that employee computers have a required password 60 seconds or less after the machine has been idle for at least 15 minutes.
For MacOS prior to Ventura:
Open System Preferences, then click on Security & Privacy
Click on the General tab
Check the Require password box, and set the dropdown to 1 minutes
Then....
Open System Preferences, then click on Desktop & Screensaver
Update the time for 'Show screen saver after' to 15 minutes or less
For MacOS Ventura:
Open System Settings
Click on "Lock Screen" in the left sidebar
Set the "Start Screen Saver when inactive," "Turn display off on battery when inactive," and "Turn display off on power adapter when inactive" settings all to 10 minutes or less
MacOS Ventura offers 10-minute and 20-minute options, but 20 minutes will fail the test in Drata
Set "Require password after screen saver begins or display is turned off" to 60 seconds or less
For Windows:
Go to Control Panel
Open Hardware and Sound
Open Power Options
For your plan, Change plan settings
Click 'Change advanced power settings'
In the Power Options window, find Display and Console lock display off timeout
Select a time 1 minute or less
Then...
Go to Settings
Select Personalization
Select Lock Screen
Select Screen saver settings and enter an option 15 minutes or less
For Ubuntu Linux:
Open Settings
From the sidebar, click Privacy
From the Privacy menu sidebar, click Screen Lock
Select 15 minutes or less for Blank Screen Delay
Select a value 1 minute or less for the Automatic Screen Lock Delay