Check: APPL-15-002066
Apple macOS 15 (Sequoia) STIG:
APPL-15-002066
(in versions v1 r3 through v1 r1)
Title
The macOS system must disable unattended or automatic login to the system. (Cat I impact)
Discussion
Automatic login must be disabled. When automatic logins are enabled, the default user account is automatically logged on at boot time without prompting the user for a password. Even if the screen is later locked, a malicious user would be able to reboot the computer and find it already logged in. Disabling automatic logins mitigates this risk.

Satisfies: SRG-OS-000104-GPOS-00051, SRG-OS-000480-GPOS-00229
Check Content
Verify the macOS system is configured to disable unattended or automatic login to the system with the following command:

```
/usr/bin/osascript -l JavaScript << EOS
$.NSUserDefaults.alloc.initWithSuiteName('com.apple.loginwindow')\
.objectForKey('com.apple.login.mcx.DisableAutoLoginClient').js
EOS
```

If the result is not "true", this is a finding.
Fix Text
Configure the macOS system to disable unattended or automatic login to the system by installing the "com.apple.loginwindow" configuration profile.
Additional Identifiers
Rule ID: SV-268512r1034476_rule
Vulnerability ID: V-268512
Group Title: SRG-OS-000104-GPOS-00051
CCIs
Number | Definition |
---|---|
CCI-000366 | Implement the security configuration settings. |
CCI-000764 | Uniquely identify and authenticate organizational users and associate that unique identification with processes acting on behalf of those users. |