Check: AOSX-13-000007
Apple OS X 10.13 STIG:
AOSX-13-000007
(in versions v2 r5 through v1 r1)
Title
The macOS system must be configured to prevent Apple Watch from terminating a session lock. (Cat II impact)
Discussion
Users must be prompted to enter their passwords when unlocking the screen saver. The screen saver acts as a session lock and prevents unauthorized users from accessing the current user's account.
Check Content
To check if the system is configured to prevent Apple Watch from terminating a session lock, run the following command: /usr/sbin/system_profiler SPConfigurationProfileDataType | /usr/bin/grep "allowAutoUnlock = 0;" If there is no result, this is a finding.
Fix Text
This setting is enforced using the “Restrictions Policy" configuration profile.
Additional Identifiers
Rule ID: SV-214804r609363_rule
Vulnerability ID: V-214804
Group Title: SRG-OS-000028-GPOS-00009
Expert Comments
CCIs
Number | Definition |
---|---|
CCI-000056 |
The information system retains the session lock until the user reestablishes access using established identification and authentication procedures. |
Controls
Number | Title |
---|---|
AC-11 |
Session Lock |