The macOS system must conceal, via the session lock, information previously visible on the display with a publicly viewable image.

STIG ID: APPL-13-000006  |  SRG: SRG-OS-000031-GPOS-00012 |  Severity: medium |  CCI: CCI-000060 |  Vulnerability Id: V-257147

Vulnerability Discussion

A default screen saver must be configured for all users, as the screen saver will act as a session timeout lock for the system and must conceal the contents of the screen from unauthorized users. The screen saver must not display any sensitive information or reveal the contents of the locked session screen. Publicly viewable images can include static or dynamic images such as patterns used with screen savers, photographic images, solid colors, a clock, a battery life indicator, or a blank screen.

Check

Verify the macOS system is configured with a screen saver with the following command:

/usr/sbin/system_profiler SPConfigurationProfileDataType | /usr/bin/grep "moduleName"

moduleName = Ventura;

If there is no result or the "moduleName" is undefined, this is a finding.

Fix

Configure the macOS system with a screen saver by installing the "Login Window Policy" configuration profile.
This website is not created by, run, approved, or endorsed by the U.S. Department of Defense. Use at your own risk. This website is created by open-source software.