NIST 800-53 REV 5 • ACCESS CONTROL

AC-11(1) Pattern-hiding Displays

Conceal, via the device lock, information previously visible on the display with a publicly viewable image.

CMMC Practice Mapping

NIST 800-171 Mapping

Related Controls

No related controls listed

Supplemental Guidance

The pattern-hiding display can include static or dynamic images, such as patterns used with screen savers, photographic images, solid colors, clock, battery life indicator, or a blank screen with the caveat that controlled unclassified information is not displayed.

Practitioner Notes

When the screen locks, the display should hide all previously visible information. No documents, emails, or data should be visible through the lock screen — even partially.

Example 1: Configure the Windows lock screen via GPO to show only the corporate logo — no email previews, calendar appointments, or notifications. Set this at Computer Configuration → Administrative Templates → Control Panel → Personalization → "Do not display the lock screen" and configure notification settings to hide content on the lock screen.
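An added audit example for Example 1 (not part of the original page or of NIST's text): it reads the machine-policy registry values behind the lock screen Group Policy settings on a Windows endpoint. The page names only "Do not display the lock screen"; the forced-image and app-notification policies checked here, and the PASS/FAIL expectations, are assumptions about the intended baseline.

```powershell
# Added example: audit lock screen policy on a Windows endpoint (run locally).
# These registry values are the ones written by the matching Group Policy settings.
$personalization = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Personalization'
$system          = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\System'

$checks = @(
    @{ Setting = 'Do not display the lock screen'            # named on the page
       Path = $personalization; Name = 'NoLockScreen'
       Test = $null }                                         # report only, compare to baseline
    @{ Setting = 'Force a specific default lock screen and logon image'   # assumed policy
       Path = $personalization; Name = 'LockScreenImage'
       Test = { -not [string]::IsNullOrWhiteSpace($args[0]) } }
    @{ Setting = 'Turn off app notifications on the lock screen'          # assumed policy
       Path = $system; Name = 'DisableLockScreenAppNotifications'
       Test = { $args[0] -eq 1 } }
)

$report = foreach ($c in $checks) {
    # A missing key or value means the policy is not configured on this machine.
    $item  = Get-ItemProperty -Path $c.Path -Name $c.Name -ErrorAction SilentlyContinue
    $value = if ($item) { $item.($c.Name) } else { $null }

    $status = if ($null -eq $c.Test) { 'REVIEW' } elseif (& $c.Test $value) { 'PASS' } else { 'FAIL' }

    [pscustomobject]@{
        Setting = $c.Setting
        Value   = if ($null -eq $value) { '<not configured>' } else { $value }
        Status  = $status
    }
}

$report | Format-Table -AutoSize
```

A FAIL on the image or notification row means the lock screen may still show a user-chosen image or app notification content; REVIEW rows need comparison against the organization's documented baseline.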

Example 2: On mobile devices managed via Intune, configure the lock screen notification setting to Hide sensitive notification content. On iOS, this prevents message previews from appearing on the lock screen. On Android, set Lock screen notifications to Block or Hide sensitive content.