Comment 15 for bug 1798615

John Crown (jqc) wrote :

I believe this bug affects security, given that it is a failure of Ubuntu to perform a
"Session Lock". E.g. this is from NIST Special Publication 800-53 (Rev. 4):

  https://nvd.nist.gov/800-53/Rev4/control/AC-11

  The information system:

    a. Prevents further access to the system by initiating a session lock
       after [Assignment: organization-defined time period] of inactivity or
       upon receiving a request from a user; and

    b. Retains the session lock until the user reestablishes access using
       established identification and authentication procedures.

The name has been changed from "Session Lock" to "Device Lock" in Rev 5
(draft, 2017), but it's still listed there for the sake of best practices.