An error occurred:

Check: APPL-12-000001

Apple macOS 12 (Monterey) STIG: APPL-12-000001 (in versions v1 r8 through v1 r1)

Title

The macOS system must be configured to prevent Apple Watch from terminating a session lock. (Cat II impact)

Discussion

Users must be prompted to enter their passwords when unlocking the screen saver. The screen saver acts as a session lock and prevents unauthorized users from accessing the current user's account.

Check Content

To check if the system is configured to prevent Apple Watch from terminating a session lock, run the following command: /usr/sbin/system_profiler SPConfigurationProfileDataType | /usr/bin/grep "allowAutoUnlock" allowAutoUnlock = 0; If there is no result or "allowAutoUnlock" is not set to "0", this is a finding.

Fix Text

This setting is enforced using the “Restrictions Policy" configuration profile.

Additional Identifiers

Rule ID: SV-252436r816122_rule

Vulnerability ID: V-252436

Group Title: SRG-OS-000028-GPOS-00009

Expert Comments

Expert comments are only available to logged-in users.

CCIs

CCIs tied to check.
Number Definition
CCI-000056

The information system retains the session lock until the user reestablishes access using established identification and authentication procedures.

Controls

Controls tied to check. These are derived from the CCIs shown above.
Number Title
AC-11

Session Lock