If the following registry value does not exist or is not configured as specified, this is a finding:Registry Hive: HKEY_LOCAL_MACHINERegistry Path: \SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Value Name: SCRemoveOptionValue Type: REG_SZValue: 1 (Lock Workstation) or 2 (Force Logoff)This can be left not configured or set to "No action" on workstations with the following conditions. This must be documented with the ISSO.-The setting cannot be configured due to mission needs, or because it interferes with applications.-Policy must be in place that users manually lock workstations when leaving them unattended.-The screen saver is properly configured to lock as required.

Configure the policy value for Computer Configuration >> Windows Settings >> Security Settings >> Local Policies >> Security Options >> "Interactive logon: Smart card removal behavior" to "Lock Workstation" or "Force Logoff".