STIGhubSTIGhub
STIGsRMF ControlsCompare
STIGhub— A free STIG search and compliance tool·STIGs updated 3 days ago
Powered by Pylon·Privacy·Terms·© 2026 Beacon Cloud Solutions, Inc.
← All Controls

AC-11

Access ControlRev 5system

Device Lock

Baselines:ModerateHigh

Control Statement

a. Prevent further access to the system by [Selection: organization-defined value] ; and b. Retain the device lock until the user reestablishes access using established identification and authentication procedures.

Supplemental Guidance

Device locks are temporary actions taken to prevent logical access to organizational systems when users stop work and move away from the immediate vicinity of those systems but do not want to log out because of the temporary nature of their absences. Device locks can be implemented at the operating system level or at the application level. A proximity lock may be used to initiate the device lock (e.g., via a Bluetooth-enabled device or dongle). User-initiated device locking is behavior or policy-based and, as such, requires users to take physical action to initiate the device lock. Device locks are not an acceptable substitute for logging out of systems, such as when organizations require users to log out at the end of workdays.

Related Controls (4)

AC-2AC-7IA-11PL-4

CCI Identifiers (4)

CCI-000056Retain the device lock until the user reestablishes access using established identification and authentication procedures.CCI-000057Prevent further access to the system by initiating a device lock after organization-defined time period of inactivity; and/or requiring the user to initiate a device lock before leaving the system unattended.CCI-000058The information system provides the capability for users to directly initiate session lock mechanisms.CCI-000059Defines the time-period of inactivity after which the system initiates a device lock.

Linked STIG Checks (200)

Across 92 STIGs. Click to expand.