SV-88197.md
---
scapolite:
class: rule
version: '0.51'
id: SV-88197
id_namespace: mil.disa.Windows-Server-2016-STIG
title: Users must be prompted to authenticate when the system wakes from sleep (on
battery).
rule: <see below>
description: <see below>
applicability:
- system: org.scapolite.xccdf.applicability
weight: 10.0
selected: false
role: ''
severity: medium
implementations:
- relative_id: F-79979r1
description: <see below>
automations:
- system: org.scapolite.implementation.win_gpo
ui_path: Computer Configuration\Administrative Templates\System\Power Management\Sleep
Settings\Require a password when a computer wakes (on battery)
value: Enabled
verification_status: Checked.
- system: org.scapolite.implementation.windows_registry
config: Computer
registry_key: Software\Policies\Microsoft\Power\PowerSettings\0e796bdb-100d-47d6-a2d5-f7d2daa51f51
value_name: DCSettingIndex
action: DWORD:1
checks:
- relative_id: C-73611r1
description: <see below>
- relative_id: '01'
title: OVAL-based check
description: <see below>
automations:
- system: http://oval.mitre.org/XMLSchema/oval-definitions-5
idref: oval:mil.disa.stig.windows:def:1094
href: U_MS_Windows_Server_2016_V1R7_STIG_SCAP_1-2_Benchmark-oval.xml
exports:
- value_id_namespace: mil.disa.Windows-Server-2016-STIG
value_idref: require_a_password_when_a_computer_wakes_on_battery_var
variable_idref: oval:mil.disa.stig.windows:var:109400
crossrefs:
- system: http://iase.disa.mil/cci
idref: CCI-000366
relation: ''
- system: http://cce.mitre.org
idref: CCE-47317-3
relation: ''
history:
- version: r1
action: created
description: WN16-CC-000210
internal_comment: ''
---
## /rule
Users must be prompted to authenticate when the system wakes from sleep (on battery).
## /description
[**VulnDiscussion**]{.separator type='STIG'}
A system that does not require authentication when resuming from sleep may provide access to unauthorized users. Authentication must always be required when accessing a system. This setting ensures users are prompted for a password when the system wakes from sleep (on battery).
[**Documentable**]{.separator type='STIG'}
false
## /implementations/0/description
Configure the policy value for Computer Configuration >> Administrative Templates >> System >> Power Management >> Sleep Settings >> "Require a password when a computer wakes (on battery)" to "Enabled".
## /checks/0/description
If the following registry value does not exist or is not configured as specified, this is a finding.
Registry Hive: HKEY_LOCAL_MACHINE
Registry Path: \SOFTWARE\Policies\Microsoft\Power\PowerSettings\0e796bdb-100d-47d6-a2d5-f7d2daa51f51\
Value Name: DCSettingIndex
Type: REG_DWORD
Value: 0x00000001 (1)
## /checks/1/description
IASE supplies an OVAL check.