In compliance with the Commonwealth of Virginia's Information Security Standard (SEC501-09), Mason-owned systems will initiate a session lock after 30 minutes of inactivity to prevent unauthorized access of data on computers. Mason personnel and information technology systems required to comply with the Health Insurance Portability and Accountability Act (HIPAA) law or the Payment Card Industry Data Security Standard (PCI-DSS) will implement the current applicable inactivity period. The current PCI-DSS standard is 15 minutes. These standards safeguard access to shared university data and sensitive information, such as that protected by the Family Education Rights and Privacy Act (FERPA).

After 30 minutes of inactivity or 15 minutes in the case of PCI-DSS compliance, faculty and staff computers will auto-lock with a screensaver that will require users to input a password to access their computers again. This policy does not apply to public space computers or computer labs. If you feel that your computer qualifies for an exception to this policy, contact ITS Support.