Skip to content
ATO Pathways
  Log In

CCI-002322

Provide the capability to disconnect or disable remote access to the system within the organization-defined time period.

Logo
4

Rule

Severity: Medium
The Apache web server must be configured to immediately disconnect or disable remote access to the hosted applications.
Logo
2

Rule

Severity: Medium
The ALG providing intermediary services for remote access communications traffic must provide the capability to immediately disconnect or disable remote access to the information system.
Logo
2

Rule

Severity: Medium
The application server must provide the capability to immediately disconnect or disable remote access to the management interface.
Logo
2

Rule

Severity: Medium
Network access to HTTP management must be disabled on domain-enabled application servers not designated as the domain controller.
Logo
1

Rule

Severity: Medium
OHS must provide the capability to immediately disconnect or disable remote access to the hosted applications.
Logo
2

Rule

Severity: Medium
Common Access Card (CAC)-based authentication must be enabled and enforced on the Tanium Server for all access and all accounts.
Logo
2

Rule

Severity: Medium
The VPN Gateway administrator accounts or security policy must be configured to allow the system administrator to immediately disconnect or disable remote access to devices and/or users when needed.
Logo
2

Rule

Severity: Medium
LockOutRealms failureCount attribute must be set to 5 failed logins for admin users.
Logo
2

Rule

Severity: Low
LockOutRealms lockOutTime attribute must be set to 600 seconds (10 minutes) for admin users.
Logo
2

Rule

Severity: Medium
The operating system must provide the capability to immediately disconnect or disable remote access to the operating system.
Logo
2

Rule

Severity: Medium
The IIS 10.0 website must provide the capability to immediately disconnect or disable remote access to the hosted applications.
Logo
2

Rule

Severity: Medium
The IIS 10.0 web server must provide the capability to immediately disconnect or disable remote access to the hosted applications.
Logo
2

Rule

Severity: Medium
A firewall must be able to protect against or limit the effects of denial-of-service (DoS) attacks by ensuring OL 8 can implement rate-limiting measures on impacted network interfaces.
Logo
2

Rule

Severity: Medium
The Palo Alto Networks security, if used as a TLS gateway/decryption point or VPN concentrator, must provide the capability to immediately disconnect or disable remote access to the information system.
Logo
2

Rule

Severity: Medium
RHEL 9 must have the firewalld package installed.
Logo
2

Rule

Severity: Medium
The SUSE operating system must have a firewall system installed to immediately disconnect or disable remote access to the whole operating system.
Logo
2

Rule

Severity: Medium
The VMM must provide the capability to immediately disconnect or disable remote access to the information system.
Logo
4

Rule

Severity: Medium
The ESXi host must be configured to disable nonessential capabilities by disabling Secure Shell (SSH).
Logo
2

Rule

Severity: Medium
The web server must provide the capability to immediately disconnect or disable remote access to the hosted applications.
Logo
1

Rule

Severity: Medium
SLEM 5 must be configured to prohibit or restrict the use of functions, ports, protocols, and/or services as defined in the Ports, Protocols, and Services Management (PPSM) Category Assignments List (CAL) and vulnerability assessments.

Patternfly

PatternFly elements

The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.

Capacity
Modules