18.8.34.6.4 Ensure 'Require a password when a computer wakes (plugged in)' is set to 'Enabled'

Information

Specifies whether or not the user is prompted for a password when the system resumes from sleep.

The recommended state for this setting is: Enabled.

Rationale:

Enabling this setting ensures that anyone who wakes an unattended computer from sleep state will have to provide logon credentials before they can access the system.

Impact:

None - this is the default behavior.

Solution

To establish the recommended configuration via GP, set the following UI path to Enabled:

Computer Configuration\Policies\Administrative Templates\System\Power Management\Sleep Settings\Require a password when a computer wakes (plugged in)

Note: This Group Policy path may not exist by default. It is provided by the Group Policy template Power.admx/adml that is included with the Microsoft Windows 8.0 & Server 2012 (non-R2) Administrative Templates (or newer).

Default Value:

Enabled. (The user is prompted for a password when the system resumes from sleep while plugged in.)

See Also

https://workbench.cisecurity.org/benchmarks/14249

Item Details

Category: ACCESS CONTROL

References: 800-53|AC-11, CCE|CCE-35462-1, CSCv7|16.11

Plugin: Windows

Control ID: 5eba3a78d6a73c56e77789938c0b75fec572ae9334f3d7ebc3e0fa6dc9b832bb