CCI-002361
Automatically terminate a user session after organization-defined conditions or trigger events requiring session disconnect.
1 rule found Severity: Medium
The BlackBerry Enterprise Mobility Server (BEMS) must be configured with an inactivity timeout of 15 minutes or less.
2 rules found Severity: Medium
The CA API Gateway providing user access control intermediary services must automatically terminate a user session when organization-defined conditions or trigger events that require a session disconnect occur.
1 rule found Severity: Medium
The DBN-6300 must automatically terminate a network administrator session after organization-defined conditions or trigger events requiring session disconnect.
1 rule found Severity: Medium
The Lifetime Minutes and Renewal Threshold Minutes Login Session Controls must be set to 10 and 0 respectively in Docker Enterprise.
1 rule found Severity: Medium
The Docker Enterprise per user limit login session control must be set per the requirements in the System Security Plan (SSP).
1 rule found Severity: Low
The storage system must terminate all network connections associated with a communications session at the end of the session, at shutdown, or after 10 minutes of inactivity.
1 rule found Severity: Medium
The DataPower Gateway must automatically terminate a network administrator session after organization-defined conditions or trigger events requiring session disconnect.
1 rule found Severity: Medium
IBM Aspera Console interactive session must be terminated after 10 minutes of inactivity for non-privileged and privileged sessions.
1 rule found Severity: Medium
IBM Aspera Faspex interactive session must be terminated after 10 minutes of inactivity for non-privileged and privileged sessions.
1 rule found Severity: Medium
The IBM Aspera Shares interactive session must be terminated after 10 minutes of inactivity for non-privileged and privileged sessions.
1 rule found Severity: Medium
The MQ Appliance messaging server must automatically terminate a SSH user session after organization-defined conditions or trigger events requiring a session disconnect.
1 rule found Severity: Medium
1 rule found Severity: Medium
DB2 must automatically terminate a user session after organization-defined conditions or trigger events requiring session disconnect.
1 rule found Severity: Medium
1 rule found Severity: Medium
The MQ Appliance network device must automatically terminate a network administrator session after organization-defined conditions or trigger events requiring session disconnect.
1 rule found Severity: Medium
The Ivanti MobileIron Core server must automatically terminate a user session after an organization-defined period of user inactivity.
1 rule found Severity: Medium
SQL Server must automatically terminate a user session after organization-defined conditions or trigger events requiring session disconnect.
1 rule found Severity: Medium
Nutanix AOS must automatically terminate a user session after inactivity time-outs have expired or at shutdown.
1 rule found Severity: Medium
Riverbed Optimization System (RiOS) must automatically terminate a network administrator session after organization-defined conditions or trigger events requiring session disconnect.
1 rule found Severity: Medium
Innoslate must use multifactor authentication for network access to privileged and non-privileged accounts.
1 rule found Severity: High
Tanium Operating System (TanOS) must automatically terminate a user session after organization-defined conditions or trigger events requiring session disconnect.
2 rules found Severity: Medium
The Ubuntu operating system must automatically terminate all network connections associated with SSH traffic at the end of the session or after 10 minutes of inactivity.
1 rule found Severity: Medium
MongoDB must automatically terminate a user session after organization-defined conditions or trigger events requiring session disconnect.
1 rule found Severity: Medium
The DBMS must terminate the network connection associated with a communications session at the end of the session or after 15 minutes of inactivity.
1 rule found Severity: Medium
PostgreSQL must automatically terminate a user session after organization-defined conditions or trigger events requiring session disconnect.
3 rules found Severity: Medium
The Red Hat Enterprise Linux operating system must be configured so that all network connections associated with a communication session are terminated at the end of the session or after 15 minutes of inactivity from the user at a command prompt, except to fulfill documented and validated mission requirements.
1 rule found Severity: Medium
The Red Hat Enterprise Linux operating system must be configured so that all network connections associated with SSH traffic are terminated after 10 minutes of becoming unresponsive.
1 rule found Severity: Medium
The Red Hat Enterprise Linux operating system must be configured so that all network connections associated with SSH traffic terminate after becoming unresponsive.
1 rule found Severity: Medium
The EDB Postgres Advanced Server must automatically terminate a user session after organization-defined conditions or trigger events requiring session disconnect.
2 rules found Severity: Medium
The BIG-IP APM module access policy profile must be configured to automatically terminate user sessions for users connected to virtual servers when organization-defined conditions or trigger events occur that require a session disconnect.
1 rule found Severity: Medium
The BIG-IP Core implementation must automatically terminate a user session for a user connected to virtual servers when organization-defined conditions or trigger events occur that require a session disconnect.
1 rule found Severity: Medium
1 rule found Severity: Medium
CA IDMS must automatically terminate a terminal session after organization-defined conditions or trigger events of terminal inactivity time.
1 rule found Severity: Medium
CA IDMS must automatically terminate a batch external request unit after organization-defined conditions or trigger events after the batch program abnormally terminates.
1 rule found Severity: Medium
CA IDMS must automatically terminate an external run-unit after organization-defined conditions or trigger events of time waiting to issue a database request.
1 rule found Severity: Medium
CA IDMS must automatically terminate a task or session after organization-defined conditions or trigger events of time waiting to get a resource and/or time of inactivity.
1 rule found Severity: Medium
The Ubuntu operating system must automatically terminate a user session after inactivity timeouts have expired.
1 rule found Severity: Medium
SSMC must terminate all network connections associated with a communications session at the end of the session, or as follows: for in-band management sessions (privileged sessions), the session must be terminated after 10 minutes of inactivity.
1 rule found Severity: Medium
The HPE 3PAR OS must be configured to terminate all network connections associated with a communications session at the end of the session, or after 10 minutes of inactivity.
1 rule found Severity: Medium
AIX must set inactivity time-out on login sessions and terminate all login sessions after 10 minutes of inactivity.
1 rule found Severity: Medium
The Ivanti EPMM server must automatically terminate a user session after an organization-defined period of user inactivity.
1 rule found Severity: Medium
The DBMS must automatically terminate a user session after organization-defined conditions or trigger events requiring session disconnect.
2 rules found Severity: Medium
Azure SQL Database must automatically terminate a user session after organization-defined conditions or trigger events requiring session disconnect.
1 rule found Severity: Medium
The IIS 10.0 websites connectionTimeout setting must be explicitly configured to disconnect an idle session.
1 rule found Severity: Medium
1 rule found Severity: Medium
1 rule found Severity: Medium
The Oracle Linux operating system must be configured so that all network connections associated with SSH traffic are terminated after 10 minutes of becoming unresponsive.
1 rule found Severity: Medium
The MySQL Database Server 8.0 must automatically terminate a user session after organization-defined conditions or trigger events requiring session disconnect.
1 rule found Severity: Medium
Automation Controller must limit the number of concurrent sessions to an organization-defined number for all accounts and/or account types.
1 rule found Severity: Medium
SLEM 5 must be configured so that all network connections associated with SSH traffic are terminated after 10 minutes of becoming unresponsive.
1 rule found Severity: Medium
1 rule found Severity: Medium
1 rule found Severity: Medium
TOSS must be configured so that all network connections associated with SSH traffic are terminated at the end of the session or after 10 minutes of inactivity, except to fulfill documented and validated mission requirements.
1 rule found Severity: Medium
1 rule found Severity: Medium
1 rule found Severity: Medium
The Apache web server must invalidate session identifiers upon hosted application user logout or other session termination.
1 rule found Severity: Medium
1 rule found Severity: Medium
1 rule found Severity: Medium
2 rules found Severity: Medium
2 rules found Severity: Medium
The application server must automatically terminate a user session after organization-defined conditions or trigger events requiring a session disconnect.
1 rule found Severity: Medium
The ALG providing user access control intermediary services must automatically terminate a user session when organization-defined conditions or trigger events that require a session disconnect occur.
1 rule found Severity: Medium
1 rule found Severity: Medium
The application must automatically terminate the non-privileged user session and log off non-privileged users after a 15 minute idle time period has elapsed.
1 rule found Severity: Medium
The application must automatically terminate the admin user session and log off admin users after a 10 minute idle time period is exceeded.
1 rule found Severity: Medium
Ubuntu 22.04 LTS must automatically exit interactive command shell user sessions after 15 minutes of inactivity.
1 rule found Severity: Medium
The Central Log Server must automatically terminate a user session after organization-defined conditions or trigger events requiring session disconnect.
1 rule found Severity: Medium
AlmaLinux OS 9 must be configured so that all network connections associated with SSH traffic are terminated after 10 minutes of becoming unresponsive.
1 rule found Severity: Medium
For TLS connections, Forescout must automatically terminate the session when a client certificate is requested and the client does not have a suitable certificate. This is required for compliance with C2C Step 1.
1 rule found Severity: Medium
The operating system must automatically terminate a user session after inactivity time-outs have expired or at shutdown.
1 rule found Severity: Medium
1 rule found Severity: Medium
IBM z/OS must configure system wait times to protect resource availability based on site priorities.
1 rule found Severity: Medium
1 rule found Severity: Medium
IBM z/OS PROFILE.TCPIP configuration for the TN3270 Telnet server must have the INACTIVE statement properly specified.
1 rule found Severity: Medium
The Mainframe Product must automatically terminate a user session after conditions, as defined in site security plan, are met or trigger events requiring session disconnect.
1 rule found Severity: Medium
The Juniper SRX Services Gateway must be configured to use an authentication server to centrally apply authentication and logon settings for remote and nonlocal access for device management.
1 rule found Severity: Medium
MariaDB must automatically terminate a user's session after organization-defined conditions or trigger events requiring session disconnect.
1 rule found Severity: Medium
The Juniper SRX Services Gateway VPN must renegotiate the IPsec security association after 8 hours or less.
1 rule found Severity: Medium
The Juniper SRX Services Gateway VPN must renegotiate the IKE security association after 24 hours or less.
1 rule found Severity: Medium
Windows Server 2022 directory service must be configured to terminate LDAP-based network connections to the directory server after five minutes of inactivity.
1 rule found Severity: Low
The DBMS must terminate the network connection associated with a communications session at the end of the session or 15 minutes of inactivity.
1 rule found Severity: Medium
OL 8 must be configured so that all network connections associated with SSH traffic terminate after becoming unresponsive.
1 rule found Severity: Medium
OL 8 must be configured so that all network connections associated with SSH traffic are terminated after 10 minutes of becoming unresponsive.
1 rule found Severity: Medium
RHEL 9 must be configured so that all network connections associated with SSH traffic terminate after becoming unresponsive.
1 rule found Severity: Medium
RHEL 9 must be configured so that all network connections associated with SSH traffic are terminated after 10 minutes of becoming unresponsive.
1 rule found Severity: Medium
2 rules found Severity: Medium
The SUSE operating system for all network connections associated with SSH traffic must immediately terminate at the end of the session or after 10 minutes of inactivity.
2 rules found Severity: Medium
The UEM server must automatically terminate a user session after an organization-defined period of user inactivity.
1 rule found Severity: Medium
The VMM must automatically terminate a user session after inactivity timeouts have expired or at shutdown.
1 rule found Severity: Medium
1 rule found Severity: Medium
2 rules found Severity: Medium
1 rule found Severity: Medium
2 rules found Severity: Medium
2 rules found Severity: Medium
2 rules found Severity: Medium
1 rule found Severity: Medium
2 rules found Severity: Medium
The operating system must automatically terminate a user session after inactivity time-outs have expired.
2 rules found Severity: Medium