The macOS system must enforce session lock no more than five seconds after screen saver is started.

A screen saver must be enabled and the system must be configured to require a password to unlock once the screen saver has been on for a maximum of five seconds. An unattended system with an excessive grace period is vulnerable to a malicious user.