Big Sur - Prevent Apple Watch from Terminating a Session Lock

Information

Apple Watches are not an approved authenticator and their use _MUST_ be disabled.

Disabling Apple watches is a necessary step to ensuring that the information system retains a session lock until the user reestablishes access using an authorized identification and authentication procedures.

Solution

This is implemented by a Configuration Profile.

mobileconfig profile info:

com.apple.applicationaccess:
allowAutoUnlock:
False

See Also

https://github.com/usnistgov/macos_security

Item Details

Category: ACCESS CONTROL

References: 800-53|AC-11, 800-53|AC-11b., CCE|CCE-85418-2, CCI|CCI-000056, STIG-ID|APPL-11-000001

Plugin: Unix

Control ID: a12dac4a3d8b6dbafec09d88ed12dcbe5e10bb59002d801e6b530ee984e7e829