The macOS system must disable hot corners.

STIG ID: APPL-14-000007 | SRG: SRG-OS-000031-GPOS-00012 | Severity: medium | CCI: | Vulnerability Id: V-259422

Vulnerability Discussion

Hot corners must be disabled.

The information system conceals, via the session lock, information previously visible on the display with a publicly viewable image. Although hot corners can be used to initiate a session lock or to launch useful applications, they can also be configured to disable an automatic session lock from initiating. Such a configuration introduces the risk that a user might forget to manually lock the screen before stepping away from the computer.

Fix

Configure the macOS system to disable hot corners by installing the "com.apple.ManagedClient.preferences" configuration profile.

Check

Verify the macOS system is configured to disable hot corners with the following command:

/usr/bin/profiles -P -o stdout | /usr/bin/grep -Ec '"wvous-bl-corner" = 0|"wvous-br-corner" = 0|"wvous-tl-corner" = 0|"wvous-tr-corner" = 0'

If the result is not "4", this is a finding.
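The verification command counts matching lines, so it cannot say which corner is non-compliant. The script below is an added example, not part of the STIG text: it evaluates each of the four keys separately. The function names and the sample profile output are constructed for illustration.

```shell
#!/bin/sh
# Added example: per-corner evaluation of `profiles -P -o stdout` output.
CORNERS="wvous-bl-corner wvous-br-corner wvous-tl-corner wvous-tr-corner"

# Reads a profile dump on stdin and lists every corner key not forced to 0.
# Returns 0 when all four corners are disabled, 1 when there is a finding.
check_hot_corners() {
    dump=$(cat)
    missing=""
    for key in $CORNERS; do
        # Require "<key>" = 0 followed by a non-digit, so 10 or 05 never match.
        if ! printf '%s\n' "$dump" | grep -Eq "\"$key\" = 0([^0-9]|\$)"; then
            missing="$missing $key"
        fi
    done
    if [ -n "$missing" ]; then
        echo "finding:$missing"
        return 1
    fi
    echo "compliant"
    return 0
}

# Constructed sample: all four corners forced to 0.
sample_compliant() {
cat <<'EOF'
        "wvous-bl-corner" = 0;
        "wvous-br-corner" = 0;
        "wvous-tl-corner" = 0;
        "wvous-tr-corner" = 0;
EOF
}

# Constructed sample: two profiles repeat the bottom corners, top corners absent.
# The matching-line count is still 4, so a count-only check passes this input.
sample_duplicates() {
cat <<'EOF'
        "wvous-bl-corner" = 0;
        "wvous-br-corner" = 0;
        "wvous-bl-corner" = 0;
        "wvous-br-corner" = 0;
EOF
}

# On a Mac, evaluate the live system; elsewhere only the samples are usable.
if [ -x /usr/bin/profiles ]; then
    /usr/bin/profiles -P -o stdout | check_hot_corners || true
fi
```

The function's exit status can feed a compliance scanner directly, and the printed key names show which corner needs the profile setting.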