Capacity
CCI-001133
Terminate the network connection associated with a communications session at the end of the session or after an organization-defined time period of inactivity.
23
Rule
Severity: Medium
Set Interactive Session Timeout
29
Rule
Severity: Medium
Set SSH Client Alive Count Max to zero
29
Rule
Severity: Medium
Set SSH Client Alive Count Max
29
Rule
Severity: Medium
Set SSH Client Alive Interval
1
Rule
Severity: High
The A10 Networks ADC must terminate management sessions after 10 minutes of inactivity except to fulfill documented and validated mission requirements.
1
Rule
Severity: Medium
Compliance Guardian must provide automated mechanisms for supporting account management functions.
1
Rule
Severity: Medium
The Akamai Luna Portal must terminate all network connections associated with a device management session at the end of the session, or the session must be terminated after 15 minutes of inactivity except to fulfill documented and validated mission requirements.
1
Rule
Severity: Medium
The Arista Multilayer Switch must terminate all network connections associated with a device management session at the end of the session, or the session must be terminated after 10 minutes of inactivity except to fulfill documented and validated mission requirements.
2
Rule
Severity: Medium
The ALG must terminate all network connections associated with a communications session at the end of the session, or as follows: for in-band management sessions (privileged sessions), the session must be terminated after 10 minutes of inactivity; and for user sessions (non-privileged session), the session must be terminated after 15 minutes of inactivity.
2
Rule
Severity: High
The Arista network device must terminate all network connections associated with a device management session at the end of the session, or the session must be terminated after 10 minutes of inactivity except to fulfill documented and validated mission requirements.
2
Rule
Severity: Medium
The application must terminate all network connections associated with a communications session at the end of the session.
1
Rule
Severity: Medium
The CA API Gateway must terminate all network connections associated with a Policy Manager session at the end of the session or as follows: for in-band management sessions (privileged sessions), the session must be terminated after 10 minutes of inactivity within the Policy Manager, and for user sessions simply viewing the contents of Policy Manager or viewing Audit Logs for tracking purposes (non-privileged session), the session must be terminated after 15 minutes of inactivity.
1
Rule
Severity: High
The DBN-6300 must terminate all network connections associated with a device management session at the end of the session, or the session must be terminated after 10 minutes of inactivity except to fulfill documented and validated mission requirements.
1
Rule
Severity: Medium
The Lifetime Minutes and Renewal Threshold Minutes Login Session Controls must be set to 10 and 0 respectively in Docker Enterprise.
1
Rule
Severity: High
The FortiGate device must terminate idle sessions after 10 minutes of inactivity.
1
Rule
Severity: Medium
CounterACT must terminate all network connections associated with an Enterprise Manager Console session upon Exit, or session disconnection, or after 10 minutes of inactivity, except where prevented by documented and validated mission requirements.
1
Rule
Severity: Medium
CounterACT must terminate all network connections associated with an SSH connection session upon Exit, session disconnection, or after 10 minutes of inactivity, except where prevented by documented and validated mission requirements.
2
Rule
Severity: High
Forescout must terminate all network connections associated with a device management session at the end of the session, or the session must be terminated after 10 minutes of inactivity except to fulfill documented and validated mission requirements.
1
Rule
Severity: Medium
The HP FlexFabric Switch must terminate all network connections associated with a device management session at the end of the session, or the session must be terminated after 10 minutes of inactivity except to fulfill documented and validated mission requirements.
1
Rule
Severity: Medium
The storage system must terminate all network connections associated with a communications session at the end of the session, at shutdown, or after 10 minutes of inactivity.
1
Rule
Severity: High
The HYCU server and Web UI must terminate all network connections associated with a device management session at the end of the session, or the session must be terminated after 15 minutes of inactivity except to fulfill documented and validated mission requirements.
1
Rule
Severity: High
The DataPower Gateway must terminate all network connections associated with a device management session at the end of the session, or the session must be terminated after 10 minutes of inactivity except to fulfill documented and validated mission requirements.
1
Rule
Severity: Medium
IBM Aspera Console interactive session must be terminated after 10 minutes of inactivity for non-privileged and privileged sessions.
1
Rule
Severity: Medium
IBM Aspera Faspex interactive session must be terminated after 10 minutes of inactivity for non-privileged and privileged sessions.
1
Rule
Severity: Medium
The IBM Aspera Shares interactive session must be terminated after 10 minutes of inactivity for non-privileged and privileged sessions.
1
Rule
Severity: Medium
The WebGUI of the MQ Appliance network device must terminate all network connections associated with a device management session at the end of the session, or the session must be terminated after 10 minutes of inactivity except to fulfill documented and validated mission requirements.
1
Rule
Severity: Medium
The SSH CLI of the MQ Appliance network device must terminate all network connections associated with a device management session at the end of the session, or the session must be terminated after 10 minutes of inactivity except to fulfill documented and validated mission requirements.
1
Rule
Severity: High
MobileIron Sentry must terminate all network connections associated with a device management session at the end of the session, or the session must be terminated after 10 minutes of inactivity except to fulfill documented and validated mission requirement.
2
Rule
Severity: Medium
The Sentry must terminate all network connections associated with a communications session at the end of the session, or as follows: for in-band management sessions (privileged sessions), the session must be terminated after 10 minutes of inactivity; and for mobile device sessions (non-privileged session), the session must be terminated after 15 minutes of inactivity.
2
Rule
Severity: High
The Juniper router must be configured to terminate all network connections associated with device management after five minutes of inactivity.
2
Rule
Severity: Medium
The Juniper SRX Services Gateway Firewall must terminate all communications sessions associated with user traffic after 15 minutes or less of inactivity.
2
Rule
Severity: Medium
The Juniper SRX Services Gateway must terminate a device management session after 10 minutes of inactivity, except to fulfill documented and validated mission requirements.
2
Rule
Severity: Medium
The Juniper SRX Services Gateway must terminate a device management session if the keep-alive count is exceeded.
2
Rule
Severity: Low
The Juniper SRX Services Gateway VPN must terminate all network connections associated with a communications session at the end of the session.
2
Rule
Severity: High
ONTAP must terminate all network connections associated with a device management session at the end of the session, or the session must be terminated after 10 minutes of inactivity except to fulfill documented and validated mission requirements.
2
Rule
Severity: High
The network device must terminate all network connections associated with a device management session at the end of the session, or the session must be terminated after five minutes of inactivity except to fulfill documented and validated mission requirements.
1
Rule
Severity: Medium
Nutanix AOS must automatically terminate a user session after inactivity time-outs have expired or at shutdown.
1
Rule
Severity: Low
Oracle WebLogic must terminate the network connection associated with a communications session at the end of the session or after a DoD-defined time period of inactivity.
2
Rule
Severity: High
The Riverbed NetProfiler must be configured to terminate all network connections associated with a device management session at the end of the session, or the session must be terminated after 10 minutes of inactivity except to fulfill documented and validated mission requirements.
1
Rule
Severity: Medium
Riverbed Optimization System (RiOS) must terminate all network connections associated with a device management session at the end of the session, or the session must be terminated after 10 minutes of inactivity except to fulfill documented and validated mission requirements.
1
Rule
Severity: High
Symantec ProxySG must terminate all network connections associated with a communications session at the end of the session or terminate user sessions (nonprivileged session) after 15 minutes of inactivity.
2
Rule
Severity: Medium
Common Access Card (CAC)-based authentication must be enabled and enforced on the Tanium Server for all access and all accounts.
1
Rule
Severity: High
Symantec ProxySG must terminate all network connections associated with a device management session at the end of the session, or the session must be terminated after 10 minutes of inactivity except to fulfill documented and validated mission requirements.
2
Rule
Severity: High
The TippingPoint SMS must terminate all network connections associated with a device management session at the end of the session, or the session must be terminated after 10 minutes of inactivity except to fulfill documented and validated mission requirements.
2
Rule
Severity: Medium
Tanium Operating System (TanOS) must terminate all network connections associated with a communications session at the end of the session, or as follows: For in-band management sessions (privileged sessions), the session must be terminated after 10 minutes of inactivity; for user sessions (nonprivileged session), the session must be terminated after 15 minutes of inactivity, except to fulfill documented and validated mission requirements.
1
Rule
Severity: High
The NSX-T Manager must terminate the device management session at the end of the session or after 10 minutes of inactivity.
2
Rule
Severity: Low
The VPN Gateway must terminate all network connections associated with a communications session at the end of the session.
2
Rule
Severity: Medium
The Remote Access VPN Gateway must terminate remote access network connections after an organization-defined time period.
4
Rule
Severity: Medium
The macOS system must be configured with the SSH daemon ClientAliveInterval option set to 900 or less.
4
Rule
Severity: Medium
The macOS system must be configured with the SSH daemon ClientAliveCountMax option set to 1.
4
Rule
Severity: Medium
The macOS system must be configured with the SSH daemon LoginGraceTime set to 30 or less.
3
Rule
Severity: Medium
The macOS system must configure SSHD ClientAliveInterval to 900.
3
Rule
Severity: Medium
The macOS system must configure SSHD ClientAliveCountMax to 1.
2
Rule
Severity: Medium
The macOS system must set Login Grace Time to 30.
2
Rule
Severity: Medium
The macOS system must configure SSH ServerAliveInterval option set to 900.
2
Rule
Severity: Medium
The macOS system must configure SSHD Channel Timeout to 900.
3
Rule
Severity: Medium
The macOS system must configure SSHD unused connection timeout to 900.
3
Rule
Severity: Medium
The macOS system must set SSH Active Server Alive Maximum to 0.
1
Rule
Severity: Medium
The Ubuntu operating system must automatically terminate all network connections associated with SSH traffic at the end of the session or after 10 minutes of inactivity.
2
Rule
Severity: Medium
The Ubuntu operating system must immediately terminate all network connections associated with SSH traffic at the end of the session or after 10 minutes of inactivity.
2
Rule
Severity: High
The Cisco ASA must be configured to terminate all network connections associated with a device management session at the end of the session, or the session must be terminated after five minutes of inactivity except to fulfill documented and validated mission requirements.
6
Rule
Severity: High
The Cisco router must be configured to terminate all network connections associated with device management after five minutes of inactivity.
6
Rule
Severity: High
The Cisco switch must be configured to terminate all network connections associated with device management after five minutes of inactivity.
2
Rule
Severity: High
The Cisco ISE must terminate all network connections associated with a device management session at the end of the session, or the session must be terminated after five minutes of inactivity except to fulfill documented and validated mission requirements.
2
Rule
Severity: Medium
The application must terminate all network connections associated with a communications session at the end of the session, or as follows: for in-band management sessions (privileged sessions), the session must be terminated after 10 minutes of inactivity.
2
Rule
Severity: High
The HPE Nimble must terminate all network connections associated with a device management session at the end of the session, or the session must be terminated after 10 minutes of inactivity.
2
Rule
Severity: Medium
The operating system must terminate all network connections associated with a communications session at the end of the session, or as follows: for in-band management sessions (privileged sessions), the session must be terminated after 10 minutes of inactivity; and for user sessions (non-privileged session), the session must be terminated after 15 minutes of inactivity, except to fulfill documented and validated mission requirements.
2
Rule
Severity: Medium
SSMC must terminate all network connections associated with a communications session at the end of the session, or as follows: for in-band management sessions (privileged sessions), the session must be terminated after 10 minutes of inactivity.
2
Rule
Severity: Medium
The HPE 3PAR OS must be configured to terminate all network connections associated with a communications session at the end of the session, or after 10 minutes of inactivity.
2
Rule
Severity: Medium
AIX must config the SSH idle timeout interval.
2
Rule
Severity: Medium
AIX must set inactivity time-out on login sessions and terminate all login sessions after 10 minutes of inactivity.
2
Rule
Severity: Medium
IBM z/OS TSO GSO record values must be set to the values specified.
2
Rule
Severity: Medium
IBM z/OS startup parameters for the FTP Server must be defined in the SYSTCPD and SYSFTPD DD statements for configuration files.
2
Rule
Severity: Medium
IBM z/OS FTP.DATA configuration for the FTP Server must have INACTIVE statement properly set.
2
Rule
Severity: Medium
IBM z/OS PROFILE.TCPIP configuration for the TN3270 Telnet Server must have INACTIVE statement properly specified.
2
Rule
Severity: Medium
IBM z/OS FTP.DATA configuration for the FTP server must have the INACTIVE statement properly set.
4
Rule
Severity: Medium
IBM z/OS startup parameters for the FTP server must have the INACTIVE statement properly set.
2
Rule
Severity: Medium
IBM FTP.DATA configuration for the FTP server must have the INACTIVE statement properly set.
2
Rule
Severity: Medium
IBM z/OS PROFILE.TCPIP configuration for the TN3270 Telnet server must have the INACTIVE statement properly specified.
2
Rule
Severity: Medium
The IBM z/OS PROFILE.TCPIP configuration for the TN3270 Telnet server must have the INACTIVE statement properly specified.
2
Rule
Severity: Medium
The ICS must terminate remote access network connections after an organization-defined time period.
2
Rule
Severity: High
The ICS must be configured to terminate after 10 minutes of inactivity except to fulfill documented and validated mission requirements.
2
Rule
Severity: High
The Juniper EX switch must be configured to end all network connections associated with a device management session at the end of the session, or the session must be terminated after 10 minutes of inactivity except to fulfill mission requirements.
2
Rule
Severity: Medium
Kubernetes Kubelet must not disable timeouts.
4
Rule
Severity: High
The network device must terminate all network connections associated with a device management session at the end of the session, or the session must be terminated after 10 minutes of inactivity except to fulfill documented and validated mission requirements.
2
Rule
Severity: Medium
The machine inactivity limit must be set to 15 minutes, locking the system with the screensaver.
2
Rule
Severity: Low
The directory service must be configured to terminate LDAP-based network connections to the directory server after 5 minutes of inactivity.
2
Rule
Severity: Low
Windows Server 2019 directory service must be configured to terminate LDAP-based network connections to the directory server after five minutes of inactivity.
2
Rule
Severity: Low
Windows Server 2022 directory service must be configured to terminate LDAP-based network connections to the directory server after five minutes of inactivity.
2
Rule
Severity: Medium
The Oracle Linux operating system must be configured so that all network connections associated with a communication session are terminated at the end of the session or after 15 minutes of inactivity from the user at a command prompt, except to fulfill documented and validated mission requirements.
2
Rule
Severity: Medium
The Oracle Linux operating system must be configured so that all network connections associated with SSH traffic are terminated after 10 minutes of becoming unresponsive.
2
Rule
Severity: Medium
The Oracle Linux operating system must be configured so that all network connections associated with SSH traffic terminate after becoming unresponsive.
2
Rule
Severity: Medium
OL 8 must be configured so that all network connections associated with SSH traffic terminate after becoming unresponsive.
2
Rule
Severity: Medium
OL 8 must be configured so that all network connections associated with SSH traffic are terminated after 10 minutes of becoming unresponsive.
2
Rule
Severity: Medium
OL 8 must terminate idle user sessions.
2
Rule
Severity: Medium
The Palo Alto Networks security platform must terminate communications sessions after 15 minutes of inactivity.
2
Rule
Severity: High
The Palo Alto Networks security platform must terminate management sessions after 10 minutes of inactivity except to fulfill documented and validated mission requirements.
2
Rule
Severity: Medium
Rancher RKE2 must terminate all network connections associated with a communications session at the end of the session, or as follows: for in-band management sessions (privileged sessions), the session must be terminated after five minutes of inactivity.
2
Rule
Severity: High
OpenShift must disable root and terminate network connections.
2
Rule
Severity: Medium
OpenShift must terminate all network connections associated with a communications session at the end of the session, or as follows: for in-band management sessions (privileged sessions), the session must be terminated after 10 minutes of inactivity.
2
Rule
Severity: Medium
RHEL 8 must be configured so that all network connections associated with SSH traffic terminate after becoming unresponsive.
1
Rule
Severity: Medium
The Red Hat Enterprise Linux operating system must be configured so that all network connections associated with a communication session are terminated at the end of the session or after 15 minutes of inactivity from the user at a command prompt, except to fulfill documented and validated mission requirements.
1
Rule
Severity: Medium
The Red Hat Enterprise Linux operating system must be configured so that all network connections associated with SSH traffic are terminated after 10 minutes of becoming unresponsive.
1
Rule
Severity: Medium
The Red Hat Enterprise Linux operating system must be configured so that all network connections associated with SSH traffic terminate after becoming unresponsive.
2
Rule
Severity: Medium
RHEL 8 must be configured so that all network connections associated with SSH traffic are terminated after 10 minutes of becoming unresponsive.
1
Rule
Severity: Medium
RHEL 8 must terminate idle user sessions.
4
Rule
Severity: Medium
The SUSE operating system SSH daemon must be configured with a timeout interval.
4
Rule
Severity: Medium
The SUSE operating system for all network connections associated with SSH traffic must immediately terminate at the end of the session or after 10 minutes of inactivity.
2
Rule
Severity: Medium
RHEL 9 must be configured so that all network connections associated with SSH traffic terminate after becoming unresponsive.
2
Rule
Severity: Medium
RHEL 9 must be configured so that all network connections associated with SSH traffic are terminated after 10 minutes of becoming unresponsive.
2
Rule
Severity: Medium
RHEL 9 must automatically exit interactive command shell user sessions after 15 minutes of inactivity.
2
Rule
Severity: Medium
RHEL 9 must terminate idle user sessions.
4
Rule
Severity: Low
The operating system must terminate the network connection associated with a communications session at the end of the session or after 10 minutes of inactivity.
2
Rule
Severity: Medium
The VMM must terminate all network connections associated with a communications session at the end of the session, or as follows: for in-band management sessions (privileged sessions), the session must be terminated after 10 minutes of inactivity; and for user sessions (non-privileged session), the session must be terminated after 15 minutes of inactivity, except to fulfill documented and validated mission requirements.
1
Rule
Severity: Medium
The ESXi host must set a timeout to automatically disable idle shell sessions after two minutes.
1
Rule
Severity: Medium
The ESXi host must terminate shell services after 10 minutes.
1
Rule
Severity: Medium
The ESXi host must log out of the console UI after two minutes.
3
Rule
Severity: Medium
The ESXi host must set a timeout to automatically end idle shell sessions after fifteen minutes.
3
Rule
Severity: Medium
The ESXi host must automatically stop shell services after 10 minutes.
3
Rule
Severity: Medium
The ESXi host must set a timeout to automatically end idle DCUI sessions after 10 minutes.
2
Rule
Severity: Medium
The Photon operating system must configure sshd to disconnect idle Secure Shell (SSH) sessions.
3
Rule
Severity: Medium
The vCenter Server must terminate vSphere Client sessions after 15 minutes of inactivity.
1
Rule
Severity: Medium
The vCenter Server must terminate vSphere Client sessions after 10 minutes of inactivity.
3
Rule
Severity: Medium
The Photon operating system must terminate idle Secure Shell (SSH) sessions after 15 minutes.
3
Rule
Severity: Medium
The Photon operating system must terminate idle Secure Shell (SSH) sessions.
6
Rule
Severity: Medium
Production WebSphere MQ Remotes must utilize Certified Name Filters (CNF).
6
Rule
Severity: Medium
User timeout parameter values for WebSphere MQ queue managers are not specified in accordance with security requirements.
1
Rule
Severity: High
The BIG-IP appliance must be configured to terminate all management sessions after 10 minutes of inactivity.
1
Rule
Severity: Medium
The BIG-IP Core implementation must terminate all communications sessions at the end of the session or as follows: for in-band management sessions (privileged sessions), the session must be terminated after 10 minutes of inactivity, and for user sessions (nonprivileged sessions), the session must be terminated after 15 minutes of inactivity.
1
Rule
Severity: Medium
The macOS system must set login grace time to 30.
1
Rule
Severity: Medium
The macOS system must configure the SSH ServerAliveInterval to 900.
1
Rule
Severity: Medium
The macOS system must configure SSHD channel timeout to 900.
1
Rule
Severity: Medium
The Ubuntu operating system must immediately terminate all network connections associated with SSH traffic after a period of inactivity.
1
Rule
Severity: Medium
Ubuntu 22.04 LTS must be configured so that all network connections associated with SSH traffic terminate after becoming unresponsive.
1
Rule
Severity: Medium
Ubuntu 22.04 LTS must be configured so that all network connections associated with SSH traffic are terminated after 10 minutes of becoming unresponsive.
1
Rule
Severity: Medium
Dragos must configure idle timeouts at 10 minutes.
1
Rule
Severity: High
The Enterprise Voice, Video, and Messaging Endpoint must be configured to terminate all network connections associated with a communications session at the end of the session.
1
Rule
Severity: High
The F5 BIG-IP appliance must terminate all network connections associated with a communications session at the end of the session or after 15 minutes of inactivity.
1
Rule
Severity: Medium
The Enterprise Voice, Video, and Messaging Session Manager must be configured to terminate all network connections associated with a communications session at the end of the session.
1
Rule
Severity: High
The F5 BIG-IP appliance must set the idle time before automatic logout to five minutes of inactivity except to fulfill documented and validated mission requirements.
1
Rule
Severity: High
Sentry must terminate all network connections associated with a device management session at the end of the session, or the session must be terminated after 10 minutes of inactivity except to fulfill documented and validated mission requirement.
1
Rule
Severity: Medium
The Lifetime Minutes and Renewal Threshold Minutes Login Session Controls on MKE must be set.
1
Rule
Severity: Medium
RHEL 8.7 and higher must terminate idle user sessions.
1
Rule
Severity: Medium
SLEM 5 must be configured so that all network connections associated with SSH traffic terminate after becoming unresponsive.
1
Rule
Severity: Medium
SLEM 5 must be configured so that all network connections associated with SSH traffic are terminated after 10 minutes of becoming unresponsive.
2
Rule
Severity: Medium
The operating system must terminate all sessions and network connections when nonlocal maintenance is completed.
1
Rule
Severity: Medium
TOSS must be configured so that all network connections associated with SSH traffic are terminated at the end of the session or after 10 minutes of inactivity, except to fulfill documented and validated mission requirements.
1
Rule
Severity: High
The NSX Manager must terminate all network connections associated with a session after five minutes of inactivity.
Patternfly
PatternFly elements
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.
Modules