Automatic logon must be disabled. When automatic logons are enabled, the default user account is automatically logged on at boot time without prompting the user for a password. Even if the screen is later locked, a malicious user would be able to reboot the computer and find it already logged in. Disabling automatic logons mitigates this risk. Audit: Verify the macOS system is configured to disable unattended or automatic logon to the system with the following command: /usr/bin/osascript -l JavaScript << EOS $.NSUserDefaults.alloc.initWithSuiteName('com.apple.loginwindow')\ .objectForKey('com.apple.login.mcx.DisableAutoLoginClient').js EOS If the result is not "true", this is a finding. Remediation: Configure the macOS system to disable unattended or automatic logon to the system by installing the "com.apple.loginwindow" configuration profile with 'com.apple.login.mcx.DisableAutoLoginClient' key set to true

[Yes/No]

Configure the macOS system to disable unattended or automatic logon to the system by installing the "com.apple.loginwindow" configuration profile with 'com.apple.login.mcx.DisableAutoLoginClient' key set to true