The macOS system must be configured to disable hot corners.

STIG ID: APPL-13-000007  |  SRG: SRG-OS-000031-GPOS-00012 |  Severity: medium |  CCI: CCI-000060 |  Vulnerability Id: V-257148

Vulnerability Discussion

Although hot corners can be used to initiate a session lock or launch useful applications, they can also be configured to disable an automatic session lock from initiating. Such a configuration introduces the risk that a user might forget to manually lock the screen before stepping away from the computer.

Check

Verify the macOS system is configured to disable hot corners with the following command:

/usr/sbin/system_profiler SPConfigurationProfileDataType | /usr/bin/grep "wvous"

"wvous-bl-corner" = 0;
"wvous-br-corner" = 0;
"wvous-tl-corner" = 0;
"wvous-tr-corner" = 0;

If the command does not return the following, this is a finding.

"wvous-bl-corner = 0;
wvous-br-corner = 0;
wvous-tl-corner = 0;
wvous-tr-corner = 0;"

Fix

Configure the macOS system to disable hot corners by installing the "Custom Policy" configuration profile.
This website is not created by, run, approved, or endorsed by the U.S. Department of Defense. Use at your own risk. This website is created by open-source software.