The macOS system logon window must be configured to prompt for username and password.
An XCCDF Rule
Description
<VulnDiscussion>The logon window must be configured to prompt all users for both a username and a password. By default, the system displays a list of known users at the logon screen. This gives an advantage to an attacker with physical access to the system, as the attacker would only have to guess the password for one of the listed accounts.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>
- ID
- SV-257244r905365_rule
- Severity
- Medium
- References
- Updated
Remediation - Manual Procedure
Configure the macOS system to prompt for username and password at the logon window by installing the "Login Window Policy" configuration profile.