Big Sur - Enforce Auto Logout After 24 Hours of Inactivity

Information

Auto logout _MUST_ be configured to automatically terminate a user session and log out the after 86400 seconds (24 hours) of inactivity.

NOTE:The maximum that macOS can be configured for autologoff is 86400 seconds (24 hours).

[IMPORTANT]
====
The 24-hour automatic logout may cause disruptions to an organization's workflow and/or loss of data. Information System Security Officers (ISSOs) are advised to first fully weigh the potential risks posed to their organization before opting to disable the 24-hour automatic logout setting.
====

Solution

This is implemented by a Configuration Profile.

mobileconfig profile info:

.GlobalPreferences:
com.apple.autologout.AutoLogOutDelay:
86400

See Also

https://github.com/usnistgov/macos_security

Item Details

Category: ACCESS CONTROL

References: 800-53|AC-2(5), 800-53|AC-12, CCE|CCE-85424-0, CCI|CCI-002361

Plugin: Unix

Control ID: 551ebdcd55bf43bbb1f7bc1e65882b03dbc25927fec2fa1ff1162a25dae86cfc