STIGhubSTIGhub
STIGsRMF ControlsCompare

STIGhub

A free tool to search and browse the entire DISA STIG library. Saves up to 75% in security compliance research time.

Navigation

  • Browse STIGs
  • Search
  • RMF Controls
  • Compare Versions

Resources

  • About
  • Release Notes
  • VPAT
  • DISA STIG Library
STIGs updated 4 hours ago
Powered by Pylon
© 2026 Beacon Cloud Solutions, Inc. All rights reserved.
← Back to Apple macOS 15 (Sequoia) Security Technical Implementation Guide

V-268434

CAT II (Medium)

The macOS system must disable FileVault automatic login.

Rule ID

SV-268434r1137691_rule

STIG

Apple macOS 15 (Sequoia) Security Technical Implementation Guide

Version

V1R7

CCIs

CCI-000213

Discussion

If FileVault is enabled, automatic login must be disabled so that both FileVault and login window authentication are required. The default behavior of macOS when FileVault is enabled is to automatically log in to the computer once successfully passing FileVault credentials. NOTE: DisableFDEAutoLogin does not have to be set on Apple Silicon-based macOS systems that are smart card enforced, as smart cards are available at preboot.

Check Content

Verify the macOS system is configured to disable FileVault automatic login with the following command:

/usr/bin/osascript -l JavaScript << EOS
$.NSUserDefaults.alloc.initWithSuiteName('com.apple.loginwindow')\
.objectForKey('DisableFDEAutoLogin').js
EOS

If the result is not "true", this is a finding.

Fix Text

Configure the macOS system to disable FileVault automatic login by installing the "com.apple.loginwindow" configuration profile.

NOTE: To ensure continued access to the operating system, consult the supplemental guidance provided with the STIG before applying the configuration profile.