Educause Security Discussion
mailing list archives
Re: Automatic timeout to locking screensaver
From: Clifford Collins <collinsc () FRANKLIN EDU>
Date: Thu, 4 Oct 2012 12:26:12 -0400
1. Franklin University imposes a mandatory locking screen saver through GPO on all University-owned computers.
2. We do this regardless of account type: faculty, staff, consultant, student, library visitor, you name it. We have an
exception for classroom instructor PCs that drive projection systems and the PC in our main auditorium connected to a
projector. Our mandatory locking policy also applies to laptops which also require whole-disk encryption.
3. As for how long, we settled on 15 minutes to satisfy PCI requirements. Hey, it's easy to blame it on the credit card
Clifford A. Collins
Information Security Officer
201 South Grant Avenue
Columbus, Ohio 43215
"Security is a process, not a product"
----- Original Message -----
From: "David Curry" <david.curry () NEWSCHOOL EDU>
To: SECURITY () LISTSERV EDUCAUSE EDU
Sent: Thursday, October 4, 2012 12:05:52 PM
Subject: [SECURITY] Automatic timeout to locking screensaver
I'm trying to make the case for implementing a mandatory locking screensaver on our office workstations/laptops
(faculty and administrative staff). It would be done in the usual way: after some period (15, 20, 30 minutes TBD) of
idle time, the system would invoke the screen saver, and to restore the screen and continue working, the user would
have to enter his or her password. Reaction has been mixed (as I expected), and the usual question has come up: "well,
what do other universities do?"
1. Do you implement a mandatory locking screen saver on your staff and/or faculty computers?
2. If so, do you do so for all staff/faculty, or just certain groups (and what are those groups)?
3. If so, how long is your timeout before the screensaver starts?
DAVID A. CURRY, CISSP • DIRECTOR OF INFORMATION SECURITY
THE NEW SCHOOL • 55 W. 13TH STREET • NEW YORK, NY 10011
+1 212 229-5300 x4728 • david.curry () newschool edu