When automatic logins are enabled, the default user account is automatically logged on at boot time without prompting the user for a password. Even if the screen is later locked, a malicious user would be able to reboot the computer and find it already logged in. Disabling automatic logins mitigates this risk.
Verify the macOS system is configured to disable unattended or automatic login to the system with the following command:
/usr/bin/osascript -l JavaScript << EOS $.NSUserDefaults.alloc.initWithSuiteName('com.apple.loginwindow')\ .objectForKey('com.apple.login.mcx.DisableAutoLoginClient').js EOS
If the result is not "true", this is a finding.
Fix
Configure the macOS system to disable unattended or automatic login to the system by installing the "com.apple.loginwindow" configuration profile.