AC.L2-3.1.10 — Use session lock with pattern-hiding displays to prevent access and viewing of data after a period of inactivity.
What this control requires
Use session lock with pattern-hiding displays to prevent access and viewing of data after a period of inactivity.
Source: CMMC L2 v2.13 AC.L2-3.1.10 / NIST SP 800-171 R2 3.1.10 (official control text).
Why this matters
Session locks prevent unauthorized viewing of sensitive data when employees step away from their workstations. Without automatic screen locking, passersby—whether visitors, contractors, or unauthorized personnel—can read emails, view documents, or access systems using an authenticated session. Pattern-hiding displays (screen savers or blank screens) ensure that even the visual appearance of applications doesn't leak controlled unclassified information. This control addresses the physical security gap between active work and formal logout, protecting against shoulder surfing and opportunistic access during temporary absences like meetings, breaks, or bathroom visits.
What evidence assessors expect
Assessors typically look for: screenshot, photo, PDF. FORCE coaches you through the exact implementation steps and captures each artifact in-platform.
Related controls
See your live posture on AC.L2-3.1.10.
FORCE shows where you stand on this control and walks you through closing it.
Start a free trial tenant →