2.9 Ensure Power Nap Is Disabled


This feature allows the computer to take action when the user is not present and the computer is in energy saving mode. These tools require FileVault to remain unlocked and fully rejoin known networks. This macOS feature is meant to allow the computer to resume activity as needed regardless of physical security controls.

Power Nap allows the system to stay in low power mode, especially while on battery power and periodically connect to previously named networks with stored credentials for user applications to phone home and get updates. This capability requires FileVault to remain unlocked and the use of previously joined networks to be risk accepted based on the SSID without user input.

This control has been updated to check the status on both battery and AC Power. The presence of an electrical outlet does not completely correlate with logical and physical security of the device or available networks.


Disabling this feature mitigates the risk of an attacker remotely waking the system and gaining access.

The use of Power Nap adds to the risk of compromised physical and logical security. The user should be able to decrypt FileVault and have the applications download what is required when the computer is actively used.

The control to prevent computer sleep has been retired for this version of the Benchmark. Forcing the computer to stay on and use energy in case a management push is needed is contrary to most current management processes. Only keep computers unslept if after hours pushes are required on closed LANs.


Power Nap exists for unattended user application updates like email and social media clients. With Power Nap disabled the computer will not wake and reconnect to known wireless SSIDs intermittently when slept.


Perform the following disable Wake for network access or Power Nap:
Graphical Method:

Open System Preferences

Select Energy Saver

Uncheck Enable Power Nap

Terminal Method:
Run the following command to disable Power Nap:

$ sudo pmset -a powernap 0

Additional Information:

man pmset

See Also


Item Details


References: 800-53|CM-1, 800-53|CM-2, 800-53|CM-6, 800-53|CM-7, 800-53|CM-7(1), 800-53|CM-9, 800-53|SA-3, 800-53|SA-8, 800-53|SA-10, CSCv7|5.1, CSCv7|9.2

Plugin: Unix

Control ID: 117f57432024fb270f0e05ac734a9a055b84fbfe3d0d5ea5a14155a161689e88