2.3.3 Familiarize users with screen lock tools or corner to Start Screen Saver

Information

In 10.13 Apple added a 'Lock Screen' option to the Apple Menu. Prior to this the best quick lock options were to use either a lock screen option with the screen saver or the lock screen option from Keychain Access if status was made available in the menu bar. With 10.13 the menu bar option is no longer available. The intent of this control is to resemble control-alt-delete on Windows Systems as a means of quickly locking the screen. If the user of the system is stepping away from the computer the best practice is to lock the screen and setting a hot corner is an appropriate method.

Rationale:

Ensuring the user has a quick method to lock their screen may reduce opportunity for individuals in close physical proximity of the device to see screen contents.

Solution

Perform the following to set a Hot Corner to either Start Screen Saver or Put Display to Sleep:
Graphical Method:

Open System Preferences

Select Desktop & Screen Saver

Select Screen Saver

Select Hot Corners... and turn on either/both Start Screen Saver or Put Display to Sleep

Terminal Method:
For all users, run the following commands to set Start Screen Saver or Put Display to Sleep as a Hot Corner:

$ sudo -u <username> defaults read com.apple.dock <corner> -int <5 or 10>

example:

$ sudo -u seconduser defaults write com.apple.dock wvous-tl-corner -int 10

$ sudo -u seconduser defaults read com.apple.dock wvous-tl-corner

10

$ sudo -u seconduser defaults write com.apple.dock wvous-bl-corner -int 5

$ sudo -u seconduser defaults read com.apple.dock wvous-bl-corner

10

See Also

https://workbench.cisecurity.org/files/3013

Item Details

Category: ACCESS CONTROL

References: 800-53|AC-11a.

Plugin: Unix

Control ID: e227d80f10a1612ee9e2546e2ea373bc70c33fce73e2ef33ea2ad1ff366cbd9f