Agent Idle Session Lock Compliance Check

Confirms that agent workstations automatically lock and require re-authentication after the required idle timeout period, in alignment with HIPAA automatic logoff requirements and organizational security policy.

Inspection Setup

  • Inspection date and time
    Record the exact date and time this inspection is conducted.
  • Inspector name and role
    Full name and job title of the person conducting this inspection (e.g., IT Security Analyst, Compliance Officer).
  • Workstation asset tag / hostname
    Enter the asset tag number or network hostname of the workstation being inspected.
  • Agent name or station ID (if occupied)
    Name or station ID of the agent assigned to this workstation, if applicable. Leave blank for unassigned stations.
  • Operating system and version
    Select the operating system installed on the workstation.

Screen Lock and Idle Timeout Configuration

  • Screen lock / screensaver idle timeout is configured
    Confirm that an idle timeout triggering screen lock or screensaver is set at the OS level. A 'No' answer is an automatic failure.
  • Idle timeout value (minutes)
    Record the currently configured idle timeout in minutes. Acceptable range is 1–15 minutes per policy. Values above 15 minutes constitute a non-conformance.
  • Screen lock activates automatically upon idle timeout (observed or verified in settings)
    Confirm by direct observation or settings review that the workstation screen locks (not merely dims) when the idle timeout elapses.
  • Timeout setting is enforced via Group Policy or MDM (not user-adjustable)
    Verify that the idle timeout is pushed via Active Directory Group Policy, Intune, or equivalent MDM so individual agents cannot increase or disable it.

Re-Authentication Requirements

  • Password or credential prompt is required to unlock the screen
    Attempt to unlock the workstation from a locked state and confirm a password, PIN, smart card, or biometric prompt is presented. Bypassing without credentials is a critical deficiency.
  • Authentication method in use
    Record the authentication method required at screen unlock.
  • Guest or auto-login is disabled on this workstation
    Confirm that guest accounts and automatic login features are disabled, preventing bypass of the lock screen.
  • Failed unlock attempts trigger account lockout per policy
    Verify that repeated failed unlock attempts result in account lockout consistent with the organization's account lockout policy (e.g., ≤ 5 failed attempts).

Physical Workstation Security

  • Workstation is located in an access-controlled area (badge, key, or escort required)
    Confirm the workstation is within a physically secured area that restricts entry to authorized personnel only.
  • Monitor screen is not directly visible to unauthorized passersby (visual privacy)
    Assess whether the monitor orientation or a privacy screen filter prevents shoulder-surfing by non-authorized individuals.
  • Workstation is free of written passwords or credentials posted visibly (sticky notes, whiteboards, etc.)
    Inspect the immediate workstation area for any written credentials that could allow an unauthorized person to unlock the session.

Application-Level Session Timeout (EHR / CRM)

  • Does this workstation access an EHR or other regulated application?
    If 'No', mark remaining items in this section as N/A in comments and proceed to the next section.
  • Application-level session timeout is enabled in the EHR / regulated app
    Confirm the EHR or regulated application has its own inactivity timeout configured, independent of the OS screen lock.
  • Application session timeout value (minutes)
    Record the application-level idle timeout in minutes. Acceptable range per EHR best practice is 1–15 minutes.

Deficiency Documentation and Corrective Actions

  • Number of deficiencies identified during this inspection
    Enter the total count of items marked 'No' or out-of-range during this inspection.
  • All critical deficiencies have an assigned corrective action owner
    Confirm that every critical non-conformance has a named responsible party documented in the corrective action log.
  • Target remediation date for open deficiencies
    Record the agreed target date by which all open deficiencies will be remediated and re-verified.
  • Photo evidence attached for any critical deficiency
    Confirm that photographic evidence has been captured for each critical deficiency to support the corrective action record.
  • Inspector signature
    Inspector signature confirming the accuracy of all findings recorded in this compliance check.