The macOS system must enforce session lock no more than five seconds after screen saver is started.

An XCCDF Rule

Details
Profiles

Description

A screen saver must be enabled and the system must be configured to require a password to unlock once the screensaver has been on for a maximum of five seconds. An unattended system with an excessive grace period is vulnerable to a malicious user.

ID: SV-259420r958400_rule
Version: APPL-14-000003
Severity: Medium
References: CCI-000056
Updated: about 2 months ago

Remediation Templates

Configure the macOS system to initiate a session lock within five seconds of the screen saver starting by installing the "com.apple.screensaver" configuration profile.

The macOS system must enforce session lock no more than five seconds after screen saver is started.

Description

Remediation Templates

A Manual Procedure