Check: APPL-12-000006
Apple macOS 12 (Monterey) STIG:
APPL-12-000006
(in versions v1 r8 through v1 r1)
Title
The macOS system must conceal, via the session lock, information previously visible on the display with a publicly viewable image. (Cat III impact)
Discussion
A default screen saver must be configured for all users, as the screen saver will act as a session time-out lock for the system and must conceal the contents of the screen from unauthorized users. The screen saver must not display any sensitive information or reveal the contents of the locked session screen. Publicly viewable images can include static or dynamic images such as patterns used with screen savers, photographic images, solid colors, a clock, a battery life indicator, or a blank screen.
Check Content
To view the currently selected screen saver for the logged-on user, run the following command: /usr/sbin/system_profiler SPConfigurationProfileDataType | /usr/bin/grep loginWindowModulePath If there is no result or defined "modulePath", this is a finding.
Fix Text
This setting is enforced using the "Login Window Policy" configuration profile.
Additional Identifiers
Rule ID: SV-252441r816137_rule
Vulnerability ID: V-252441
Group Title: SRG-OS-000031-GPOS-00012
Expert Comments
CCIs
Number | Definition |
---|---|
CCI-000060 |
The information system conceals, via the session lock, information previously visible on the display with a publicly viewable image. |
Controls
Number | Title |
---|---|
AC-11 (1) |
Pattern-Hiding Displays |