PingSentry   |   Discord   |   System32   |   GitHub   |   Free tools

Logon: Smart Card removal option must be configured to Force Logoff or Lock Workstation

1cf17a56-a4f1-419e-9a3a-295b06486df5

Unattended systems are susceptible to unauthorized use and must be locked. Configuring a system to lock when a smart card is removed will ensure the system is inaccessible when unattended.

Remediation

To fix this configure the policy value for
Computer Configuration
|_ Windows Settings
|_ Security Settings
|_ Local Policies
|_ Security Options
|_ Interactive logon: Smart card removal behavior to "Lock Workstation" or "Force Logoff".

STIG: Server
2022: https://system32.eventsentry.com/stig/viewer/V-254459
2019: https://system32.eventsentry.com/stig/viewer/V-254459
2016: https://system32.eventsentry.com/stig/viewer/V-225038

Desktop
W11: https://system32.eventsentry.com/stig/viewer/V-253448
W10: https://system32.eventsentry.com/stig/viewer/V-220924

NIST 800-53 : AC-11, AC-12, IA-2, CM-6
NIST 800-171: 3.1.10, 3.4.6
CMMC v2.0 L2: AC.L2-3.1.10, CM.L2-3.4.6
PCI-DSS v4.0: 2.2.1, 8.6.1
HIPAA SR : ยง164.312(a)(2)(iii)
HIPAA HICP : Practice 3 (Identity and Access Management)



Tags

stig-medium-server stig-medium-desktop nist800-171-server nist800-171-desktop nist800-53-desktop nist800-53-server pci-dss-v4-desktop pci-dss-v4-server hipaa-desktop hipaa-server cmmc2-l2-desktop cmmc2-l2-server

Your Privacy Choices

Manage your cookie preferences below:

Helps us improve website performance and understand how visitors use our site.

Allows us to collect feedback about our products and improve them based on your input.

To learn more about our use of cookies, please see our
Privacy Policy.