TOSS 5 must conceal via the session lock information previously visible on the display with a publicly viewable image.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
| V-282382 | TOSS-05-000277 | SV-282382r1200126_rule | CCI-000060 | medium |
| Description | ||||
| Setting the screensaver mode to blank-only conceals the contents of the display from passersby. | ||||
| STIG | Date | |||
| Tri-Lab Operating System Stack (TOSS) 5 Security Technical Implementation Guide | 2026-04-01 | |||
Details
Check Text (C-282382r1200126_chk)
To ensure the screensaver is configured to be blank, run the following command:
Note: This requirement assumes the use of the TOSS 5 default graphical user interface—the GNOME desktop environment. If the system does not have a graphical user interface installed, this requirement is not applicable.
$ gsettings get org.gnome.desktop.screensaver picture-uri
If properly configured, the output should be "''".
To ensure that users cannot set the screensaver background, run the following:
$ grep picture-uri /etc/dconf/db/local.d/locks/*
If properly configured, the output should be "/org/gnome/desktop/screensaver/picture-uri".
If it is not set or configured properly, this is a finding.
Fix Text (F-86848r1200125_fix)
Edit the "dconf" settings in the /etc/dconf/db/* location.
First, add or update the [org/gnome/desktop/screensaver] section of the "/etc/dconf/db/local.d/00-security-settings" database file and add or update the following lines:
[org/gnome/desktop/screensaver]
picture-uri=''
Add the following line to "/etc/dconf/db/local.d/locks/00-security-settings-lock" to prevent user modification:
/org/gnome/desktop/screensaver/picture-uri
Update the dconf system databases:
$ sudo dconf update