NIST 800-171 R-3.1.10

Use Session Lock

Official citation: 3.1.10

Class: core · Severity: medium

Statement of the obligation — verify against source

3.1.10

What it means

Devices should automatically lock after a period of inactivity, hiding what's on screen behind a pattern (screen saver, solid color, or blank screen) that reveals no CUI, and require re-authentication to resume. Session lock is a temporary measure for short absences — it is not a substitute for logging out, for example at the end of the workday. It's usually enforced at the operating-system level, and sometimes at the application level.

Educational reference only — not legal advice. Consult a qualified assessor or attorney for binding compliance determinations.