2.10.2 Ensure Require Password After Screen Saver Begins or Display Is Turned Off Is Enabled for 5 Seconds or Immediately


Sleep and screen saver modes are low power modes that reduce electrical consumption while the system is not in use.


Prompting for a password when waking from sleep or screen saver mode mitigates the threat of an unauthorized person gaining access to a system in the user's absence.


Without a screenlock in place, anyone with physical access to the computer would be logged in and able to use the active user's session.


Graphical Method:
Perform the following steps to enable a password for unlock after a screen saver begins or after sleep:

Open System Settings

Select Lock Screen

Set Require password after screensaver begins or display is turned off to either After 0 seconds or After 5 seconds

Terminal Method:
Run the following command to require a password to unlock the computer after the screen saver engages or the computer sleeps:

$ /usr/bin/sudo /usr/sbin/sysadminctl -screenLock immediate -password <administrator password>


$ /usr/bin/sudo /usr/sbin/sysadminctl -screenLock 5 seconds -password <administrator password>

Profile Method:
Create or edit a configuration profile with the following information:

The PayloadType string is com.apple.screensaver

The key to include is askForPassword

The key must be set to <true/>

The key to also include is askForPasswordDelay

The key must be set to <integer><0,5></integer>

See Also


Item Details


References: 800-53|IA-5, CSCv7|4.2

Plugin: Unix

Control ID: 8a501d52f319faf947411af32eb38e1b2b5001105bd9cbe4a4a67d4fe41c997f