← Back to Apple macOS 26 (Tahoe) Security Technical Implementation Guide

V-277056

CAT II (Medium)

The macOS system must enforce auto logout after 86400 seconds of inactivity.

Rule ID

SV-277056r1148620_rule

STIG

Apple macOS 26 (Tahoe) Security Technical Implementation Guide

Version

V1R2

CCIs

CCI-002361

Discussion

Auto logout must be configured to automatically terminate a user session and log out after 86400 seconds of inactivity. Note: The maximum that macOS can be configured for autologoff is 86400 seconds. [IMPORTANT] ==== The automatic logout may cause disruptions to an organization's workflow and/or loss of data. Information system security officers (ISSOs) are advised to first fully weigh the potential risks posed to their organization before opting to disable the automatic logout setting. ====

Check Content

Verify the macOS system is configured to enforce auto logout after 86400 seconds of inactivity with the following command:

/usr/bin/osascript -l JavaScript << EOS
$.NSUserDefaults.alloc.initWithSuiteName('.GlobalPreferences')\
.objectForKey('com.apple.autologout.AutoLogOutDelay').js
EOS

If the result is not "86400", this is a finding.

Fix Text

Configure the macOS system to enforce auto logout after 86400 seconds of inactivity by installing the "com.apple.GlobalPreferences" configuration profile.