Drata

NOTE: Your company may have alternate specific guidance for how you should configure auto-lock - please check with your IT and compliance teams.

Leaving your workstation unattended is a potential security risk to the company. A screensaver that auto-locks your machine is an important control against security threats. 

Let's configure your workstation to auto-lock when your screensaver is activated.

___________________________________________________________

As of 9/7/2021 We've updated this test to confirm that employee computers have a required password 60 seconds or less after the machine has been idle for at least 15 minutes.

Open System Preferences, then click on Security &amp; Privacy

Check the Require password box, and set the dropdown to 1 minutes

1. Open System Preferences, then click on Security &amp; Privacy
2. Click on the General tab
3. Check the Require password box, and set the dropdown to 1 minutes

Open System Preferences, then click on Desktop &amp; Screensaver

Update the time for 'Show screen saver after' to 15 minutes or less

1. Open System Preferences, then click on Desktop &amp; Screensaver
2. Update the time for 'Show screen saver after' to 15 minutes or less

Click on "Lock Screen" in the left sidebar

Set the "Start Screen Saver when inactive," "Turn display off on battery when inactive," and "Turn display off on power adapter when inactive" settings all to 10 minutes or less

1. MacOS Ventura offers 10-minute and 20-minute options, but 20 minutes will fail the test in Drata

Set "Require password after screen saver begins or display is turned off" to 60 seconds or less

1. Open System Settings
2. Click on "Lock Screen" in the left sidebar
3. Set the "Start Screen Saver when inactive," "Turn display off on battery when inactive," and "Turn display off on power adapter when inactive" settings all to 10 minutes or less
 1. MacOS Ventura offers 10-minute and 20-minute options, but 20 minutes will fail the test in Drata
4. Set "Require password after screen saver begins or display is turned off" to 60 seconds or less

For your plan, Change plan settings

Click 'Change advanced power settings'

In the Power Options window, find Display and Console lock display off timeout

1. Go to Control Panel
2. Open Hardware and Sound
3. Open Power Options
4. For your plan, Change plan settings
5. Click 'Change advanced power settings'
6. In the Power Options window, find Display and Console lock display off timeout
7. Select a time 1 minute or less

Select Screen saver settings and enter an option 15 minutes or less

1. Go to Settings
2. Select Personalization
3. Select Lock Screen
4. Select Screen saver settings and enter an option 15 minutes or less

From the Privacy menu sidebar, click Screen Lock

Select 15 minutes or less for Blank Screen Delay

Select a value 1 minute or less for the Automatic Screen Lock Delay

1. Open Settings
2. From the sidebar, click Privacy
3. From the Privacy menu sidebar, click Screen Lock
4. Select 15 minutes or less for Blank Screen Delay
5. Select a value 1 minute or less for the Automatic Screen Lock Delay

Configuring your workstation to auto-lock (and require a password) when the screensaver activates

HERE'S WHY

HERE'S HOW