Navigate

Check: APPL-13-002066

Apple macOS 13 (Ventura) STIG: APPL-13-002066 (in versions v1 r4 through v1 r1)

Title

The macOS system must not allow an unattended or automatic logon to the system. (Cat II impact)

Discussion

Failure to restrict system access to authenticated users negatively impacts operating system security.

Check Content

Verify the macOS system is configured to not allow automatic logon with the following command: /usr/sbin/system_profiler SPConfigurationProfileDataType | /usr/bin/grep "DisableAutoLoginClient" "com.apple.login.mcx.DisableAutoLoginClient" = 1; If "com.apple.login.mcx.DisableAutoLoginClient" is not set to "1", this is a finding.

Fix Text

Configure the macOS system to not allow automatic login by installing the "Login Window Policy" configuration profile.

Additional Identifiers

Rule ID: SV-257221r905296_rule

Vulnerability ID: V-257221

Group Title: SRG-OS-000480-GPOS-00229

Expert Comments

Expert comments are only available to logged-in users.

CCIs

CCIs tied to check.

Number	Definition
CCI-000366	The organization implements the security configuration settings.

Controls

Controls tied to check. These are derived from the CCIs shown above.

Number	Title
CM-6	Configuration Settings