The macOS system must enforce screen saver timeout.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-259441	APPL-14-000070	SV-259441r958402_rule		Medium

Description
The screen saver timeout must be set to 900 seconds or a shorter length of time. This rule ensures that a full session lock is triggered within no more than 900 seconds of inactivity.

STIG	Date
Apple macOS 14 (Sonoma) Security Technical Implementation Guide	2024-05-30

Details

Check Text ( C-63180r940943_chk )
Verify the macOS system is configured to initiate the screen saver timeout after 15 minutes of inactivity with the following command: /usr/bin/osascript -l JavaScript << EOS function run() { let timeout = ObjC.unwrap($.NSUserDefaults.alloc.initWithSuiteName('com.apple.screensaver')\ .objectForKey('idleTime')) if ( timeout <= 900 ) { return("true") } else { return("false") } } EOS If the result is not "true", this is a finding.

Check Text ( C-63180r940943_chk )

Verify the macOS system is configured to initiate the screen saver timeout after 15 minutes of inactivity with the following command:

/usr/bin/osascript -l JavaScript << EOS
function run() {
let timeout = ObjC.unwrap($.NSUserDefaults.alloc.initWithSuiteName('com.apple.screensaver')\
.objectForKey('idleTime'))
if ( timeout <= 900 ) {
return("true")
} else {
return("false")
}
}
EOS

If the result is not "true", this is a finding.

Fix Text (F-63088r940944_fix)
Configure the macOS system to initiate the screen saver after 15 minutes of inactivity by installing the "com.apple.screensaver" configuration profile.