id: os_hibernate_mode_destroyfvkeyonstandby_enable
title: "Enable DestroyFVKeyOnStandby on Hibernate"
discussion: |
  DestroyFVKeyOnStandby on hibernate _MUST_ be enabled.
check: |
  /usr/bin/osascript -l JavaScript << EOS
  $.NSUserDefaults.alloc.initWithSuiteName('com.apple.MCX')\
  .objectForKey('DestroyFVKeyOnStandby').js
  EOS
result:
  string: "true"
fix: |
  This is implemented by a Configuration Profile.
references:
  cce:
    - CCE-92801-0
  cci:
    - N/A
  800-53r5:
    - N/A
  800-53r4:
    - N/A
  srg:
    - N/A
  disa_stig:
    - N/A
  800-171r2:
    - N/A
  cis:
    benchmark:
      - 2.9.1.3 (level 2)
    controls v8:
      - 4.1
macOS:
  - "14.0"
tags:
  - cis_lvl2
  - cisv8
mobileconfig: true
mobileconfig_info:
  com.apple.MCX:
    DestroyFVKeyOnStandby: true