Details
Hot corners _MUST_ be disabled.
The information system conceals, via the session lock, information previously visible on the display with a publicly viewable image. Although hot comers can be used to initiate a session lock or to launch useful applications, they can also be configured to disable an automatic session lock from initiating. Such a configuration introduces the risk that a user might forget to manually lock the screen before stepping away from the computer.
Solution
This is implemented by a Configuration Profile.
mobileconfig profile info:
com.apple.ManagedClient.preferences:
com.apple.dock:
wvous-bl-corner
0
wvous-br-corner
0
wvous-tr-corner
0
wvous-tl-corner
0
Supportive Information
The following resource is also helpful.
This security hardening control applies to the following category of controls within NIST 800-53: Access Control.This control applies to the following type of system Unix.
References
- 800-53|AC-11(1)
- CCE|CCE-85431-5, CCI|CCI-000060
- STIG-ID|APPL-11-000007