Details
A locking screensaver is one of the standard security controls to limit access to a computer and the current user’s session when the computer is temporarily unused or unattended. In macOS the screensaver starts after a value selected in a drop down menu, 10 minutes and 20 minutes are both options and either is acceptable. Any value can be selected through the command line or script but a number that is not reflected in the GUI can be problematic. 20 minutes is the default for new accounts.
Rationale:
Setting an inactivity interval for the screensaver prevents unauthorized persons from viewing a system left unattended for an extensive period of time.
Impact:
If the screensaver is not set users may leave the computer available for an unauthorized person to access information.
Solution
Perform the following to implement the prescribed state:
Open System Preferences
Select Desktop & Screen Saver
Select Screen__Saver
Set Start after to 20 minutes or less
Alternatively:
In Terminal, run one of the the following commands:
defaults -currentHost write com.apple.screensaver idleTime -int 600
defaults -currentHost write com.apple.screensaver idleTime -int 1200
There are anomalies if the command line is used to make the setting something other than what is available in the GUI Menu. Choose either 10 minutes or 20 minutes,
Supportive Information
The following resource is also helpful.
This security hardening control applies to the following category of controls within NIST 800-53: Access Control.This control applies to the following type of system Unix.