diff --git a/rules/sysprefs/sysprefs_automatic_logout_enforce.yaml b/rules/sysprefs/sysprefs_automatic_logout_enforce.yaml index c3e6f979..a2f7d349 100644 --- a/rules/sysprefs/sysprefs_automatic_logout_enforce.yaml +++ b/rules/sysprefs/sysprefs_automatic_logout_enforce.yaml @@ -1,4 +1,4 @@ -id: sysprefs_enforce_auto_logout +id: sysprefs_automatic_logout_enforce title: "Enforce Auto Logout After 24 Hours of Inactivity" discussion: | Auto logout _MUST_ be configured to automatically terminate a user session and log out the after 86400 seconds (24 hours) of inactivity. diff --git a/rules/sysprefs/sysprefs_enforce_auto_logout.yaml b/rules/sysprefs/sysprefs_enforce_auto_logout.yaml deleted file mode 100644 index c3e6f979..00000000 --- a/rules/sysprefs/sysprefs_enforce_auto_logout.yaml +++ /dev/null @@ -1,42 +0,0 @@ -id: sysprefs_enforce_auto_logout -title: "Enforce Auto Logout After 24 Hours of Inactivity" -discussion: | - Auto logout _MUST_ be configured to automatically terminate a user session and log out the after 86400 seconds (24 hours) of inactivity. - - NOTE:The maximum that macOS can be configured for autologoff is 86400 seconds (24 hours). - - [IMPORTANT] - ==== - The 24-hour automatic logout may cause disruptions to an organization’s workflow and/or loss of data. Information System Security Officers (ISSOs) are advised to first fully weigh the potential risks posed to their organization before opting to disable the 24-hour automatic logout setting. - ==== -check: | - /usr/bin/profiles -P -o stdout | /usr/bin/grep -c '"com.apple.autologout.AutoLogOutDelay" = 86400' -fix: | - This is implemented by a Configuration Profile. -references: - cce: - - CCE-85424-0 - cci: - - CCI-002361 - 800-53r4: - - AC-12 - disa_stig: - - N/A - srg: - - SRG-OS-000279-GPOS-00109 - 800-171r2: - - 3.1.11 -macOS: - - "11.0" -tags: - - 800-171 - - cnssi-1253 - - 800-53r4_moderate - - 800-53r4_high - - STIG -mobileconfig: true -mobileconfig_info: - .GlobalPreferences: - com.apple.autologout.AutoLogOutDelay: 86400 - -