Detections
Analytics

Monterey - Prevent Apple Watch from Terminating a Session Lock

Information

Apple Watches are not an approved authenticator and their use _MUST_ be disabled.

Disabling Apple watches is a necessary step to ensuring that the information system retains a session lock until the user reestablishes access using an authorized identification and authentication procedures.

Solution

This is implemented by a Configuration Profile.

mobileconfig profile info:

com.apple.applicationaccess:
 allowAutoUnlock:
 False

See Also

https://github.com/usnistgov/macos_security

Item Details

Category: ACCESS CONTROL

References: 800-53|AC-11, 800-53|AC-11b., CCE|CCE-91045-5, CCI|CCI-000056

Plugin: Unix

Control ID: 4606f5389599ea9b614b446ca570bc65c7e87b7d7ebd10667d53a49d7c2973b9