STIG ID: APPL-14-000007 | SRG: SRG-OS-000031-GPOS-00012 | Severity: medium | CCI: | Vulnerability Id: V-259422
Hot corners must be disabled.
The information system conceals, via the session lock, information previously visible on the display
with a publicly viewable image. Although hot corners can be used to initiate a session lock or to launch
useful applications, they can also be configured to disable an automatic session lock from initiating.
Such a configuration introduces the risk that a user might forget to manually lock the screen before
stepping away from the computer.
Configure the macOS system to disable hot corners by installing the
"com.apple.ManagedClient.preferences" configuration profile.
Verify the macOS system is configured to disable hot corners with the following command:
/usr/bin/profiles -P -o stdout | /usr/bin/grep -Ec '"wvous-bl-corner" = 0|"wvous-br-corner" =
0|"wvous-tl-corner" = 0|"wvous-tr-corner" = 0'
If the result is not "4", this is a finding.