STIGhubSTIGhub
STIGsRMF ControlsCompare
STIGhub— A free STIG search and compliance tool·STIGs updated 3 days ago
Powered by Pylon·Privacy·Terms·© 2026 Beacon Cloud Solutions, Inc.
← Back to Apple macOS 12 (Monterey) Security Technical Implementation Guide

V-252438

CAT II (Medium)

The macOS system must initiate the session lock no more than five seconds after a screen saver is started.

Rule ID

SV-252438r958400_rule

STIG

Apple macOS 12 (Monterey) Security Technical Implementation Guide

Version

V1R9

CCIs

CCI-000056

Discussion

A screen saver must be enabled and set to require a password to unlock. An excessive grace period impacts the ability for a session to be truly locked, requiring authentication to unlock.

Check Content

To check if the system will prompt users to enter their passwords to unlock the screen saver, run the following command:

/usr/sbin/system_profiler SPConfigurationProfileDataType | /usr/bin/grep askForPasswordDelay

If there is no result, or if "askForPasswordDelay" is not set to "5" or less, this is a finding.

Fix Text

This setting is enforced using the "Login Window Policy" configuration profile.