STIG ID: APPL-14-000160 | SRG: SRG-OS-000279-GPOS-00109 | Severity: medium | CCI: | Vulnerability Id: V-259449
Auto logout must be configured to automatically terminate a user session and log out the after 86400 seconds of inactivity.
Note: The maximum that macOS can be configured for autologoff is 86400 seconds.
[IMPORTANT]
====
The automatic logout may cause disruptions to an organization's workflow and/or loss of data. Information system security officers (ISSOs) are advised to first fully weigh the potential risks posed to their organization before opting to disable the automatic logout setting.
====
Configure the macOS system to enforce auto logout after 86400 seconds of inactivity by installing the "com.apple.GlobalPreferences" configuration profile.
Verify the macOS system is configured to enforce auto logout after 86400 seconds of inactivity with the following command:
/usr/bin/osascript -l JavaScript << EOS
$.NSUserDefaults.alloc.initWithSuiteName('.GlobalPreferences')\
.objectForKey('com.apple.autologout.AutoLogOutDelay').js
EOS
If the result is not "86400", this is a finding.