Capacity
CCI-002361
Automatically terminate a user session after organization-defined conditions or trigger events requiring session disconnect.
23
Rule
Severity: Medium
Set Interactive Session Timeout
29
Rule
Severity: Medium
Set SSH Client Alive Count Max to zero
29
Rule
Severity: Medium
Set SSH Client Alive Count Max
29
Rule
Severity: Medium
Set SSH Client Alive Interval
1
Rule
Severity: Medium
Compliance Guardian must provide automated mechanisms for supporting account management functions.
4
Rule
Severity: Medium
The Apache web server must set an absolute timeout for sessions.
2
Rule
Severity: Medium
The Apache web server must set an inactive timeout for completing the TLS handshake
2
Rule
Severity: Medium
The Apache web server must set an inactive timeout for completing the TLS handshake.
2
Rule
Severity: Medium
The ALG providing user access control intermediary services must automatically terminate a user session when organization-defined conditions or trigger events that require a session disconnect occur.
2
Rule
Severity: Medium
The application server must automatically terminate a user session after organization-defined conditions or trigger events requiring a session disconnect.
2
Rule
Severity: Medium
The application must clear temporary storage and cookies when the session is terminated.
2
Rule
Severity: Medium
The application must automatically terminate the non-privileged user session and log off non-privileged users after a 15 minute idle time period has elapsed.
2
Rule
Severity: Medium
The application must automatically terminate the admin user session and log off admin users after a 10 minute idle time period is exceeded.
2
Rule
Severity: Medium
The BlackBerry Enterprise Mobility Server (BEMS) must be configured with an inactivity timeout of 15 minutes or less.
1
Rule
Severity: Medium
The CA API Gateway providing user access control intermediary services must automatically terminate a user session when organization-defined conditions or trigger events that require a session disconnect occur.
2
Rule
Severity: Medium
CA IDMS must automatically terminate a terminal session after organization-defined conditions or trigger events of terminal inactivity time.
2
Rule
Severity: Medium
CA IDMS must automatically terminate a batch external request unit after organization-defined conditions or trigger events after the batch program abnormally terminates.
2
Rule
Severity: Medium
CA IDMS must automatically terminate an external run-unit after organization-defined conditions or trigger events of time waiting to issue a database request.
2
Rule
Severity: Medium
CA IDMS must automatically terminate a task or session after organization-defined conditions or trigger events of time waiting to get a resource and/or time of inactivity.
2
Rule
Severity: Medium
The Central Log Server must automatically terminate a user session after organization-defined conditions or trigger events requiring session disconnect.
1
Rule
Severity: Medium
The DBN-6300 must automatically terminate a network administrator session after organization-defined conditions or trigger events requiring session disconnect.
1
Rule
Severity: Medium
The Lifetime Minutes and Renewal Threshold Minutes Login Session Controls must be set to 10 and 0 respectively in Docker Enterprise.
1
Rule
Severity: Low
The Docker Enterprise per user limit login session control must be set per the requirements in the System Security Plan (SSP).
2
Rule
Severity: Medium
For TLS connections, Forescout must automatically terminate the session when a client certificate is requested and the client does not have a suitable certificate. This is required for compliance with C2C Step 1.
1
Rule
Severity: Medium
The storage system must terminate all network connections associated with a communications session at the end of the session, at shutdown, or after 10 minutes of inactivity.
1
Rule
Severity: Medium
The DataPower Gateway must automatically terminate a network administrator session after organization-defined conditions or trigger events requiring session disconnect.
1
Rule
Severity: Medium
IBM Aspera Console interactive session must be terminated after 10 minutes of inactivity for non-privileged and privileged sessions.
1
Rule
Severity: Medium
IBM Aspera Faspex interactive session must be terminated after 10 minutes of inactivity for non-privileged and privileged sessions.
1
Rule
Severity: Medium
The IBM Aspera Shares interactive session must be terminated after 10 minutes of inactivity for non-privileged and privileged sessions.
1
Rule
Severity: Medium
The MQ Appliance messaging server must automatically terminate a SSH user session after organization-defined conditions or trigger events requiring a session disconnect.
1
Rule
Severity: Medium
The MQ Appliance must automatically terminate a WebGUI user session after 600 seconds of idle time.
2
Rule
Severity: Medium
HTTP session timeout must be configured.
1
Rule
Severity: Medium
DB2 must automatically terminate a user session after organization-defined conditions or trigger events requiring session disconnect.
1
Rule
Severity: Medium
The WebSphere Application Server admin console session timeout must be configured.
1
Rule
Severity: Medium
The MQ Appliance network device must automatically terminate a network administrator session after organization-defined conditions or trigger events requiring session disconnect.
1
Rule
Severity: Medium
The Ivanti MobileIron Core server must automatically terminate a user session after an organization-defined period of user inactivity.
2
Rule
Severity: Medium
The Juniper SRX Services Gateway must be configured to use an authentication server to centrally apply authentication and logon settings for remote and nonlocal access for device management.
2
Rule
Severity: Medium
The Juniper SRX Services Gateway VPN must renegotiate the IPsec security association after 8 hours or less.
2
Rule
Severity: Medium
The Juniper SRX Services Gateway VPN must renegotiate the IKE security association after 24 hours or less.
2
Rule
Severity: Medium
The Mainframe Product must automatically terminate a user session after conditions, as defined in site security plan, are met or trigger events requiring session disconnect.
2
Rule
Severity: Medium
Azure SQL Database must automatically terminate a user session after organization-defined conditions or trigger events requiring session disconnect.
2
Rule
Severity: Low
The Exchange Receive connector timeout must be limited.
1
Rule
Severity: Medium
SQL Server must automatically terminate a user session after organization-defined conditions or trigger events requiring session disconnect.
1
Rule
Severity: Medium
Nutanix AOS must automatically terminate a user session after inactivity time-outs have expired or at shutdown.
1
Rule
Severity: Medium
Riverbed Optimization System (RiOS) must automatically terminate a network administrator session after organization-defined conditions or trigger events requiring session disconnect.
1
Rule
Severity: High
Innoslate must use multifactor authentication for network access to privileged and non-privileged accounts.
2
Rule
Severity: Medium
Splunk Enterprise idle session timeout must be set to not exceed 15 minutes.
1
Rule
Severity: Medium
Tanium must set an absolute timeout for sessions.
1
Rule
Severity: Medium
Tanium must set an inactive timeout for sessions.
1
Rule
Severity: Medium
The Tanium application must set an absolute timeout for sessions.
5
Rule
Severity: Medium
The Tanium application must set an inactive timeout for sessions.
2
Rule
Severity: Medium
Tanium Operating System (TanOS) must automatically terminate a user session after organization-defined conditions or trigger events requiring session disconnect.
2
Rule
Severity: Medium
The UEM server must automatically terminate a user session after an organization-defined period of user inactivity.
2
Rule
Severity: Medium
The Apache web server must invalidate session identifiers upon hosted application user logout or other session termination.
2
Rule
Severity: Medium
The Apache web server must set an inactive timeout for sessions.
1
Rule
Severity: Medium
Idle timeout for management application must be set to 10 minutes.
2
Rule
Severity: Medium
The macOS system must configure SSHD Channel Timeout to 900.
3
Rule
Severity: Medium
The macOS system must configure SSHD unused connection timeout to 900.
3
Rule
Severity: Medium
The macOS system must enforce auto logout after 86400 seconds of inactivity.
1
Rule
Severity: Medium
The Ubuntu operating system must automatically terminate all network connections associated with SSH traffic at the end of the session or after 10 minutes of inactivity.
2
Rule
Severity: Medium
The Ubuntu operating system must automatically terminate a user session after inactivity timeouts have expired.
4
Rule
Severity: Medium
PostgreSQL must automatically terminate a user session after organization-defined conditions or trigger events requiring session disconnect.
3
Rule
Severity: Medium
The EDB Postgres Advanced Server must automatically terminate a user session after organization-defined conditions or trigger events requiring session disconnect.
3
Rule
Severity: Medium
The DBMS must automatically terminate a user session after organization-defined conditions or trigger events requiring session disconnect.
2
Rule
Severity: Medium
The operating system must automatically terminate a user session after inactivity time-outs have expired or at shutdown.
2
Rule
Severity: Medium
SSMC must terminate all network connections associated with a communications session at the end of the session, or as follows: for in-band management sessions (privileged sessions), the session must be terminated after 10 minutes of inactivity.
2
Rule
Severity: Medium
SSMC web server must set an absolute timeout for sessions.
2
Rule
Severity: Medium
SSMC web server must set an inactive timeout for sessions.
2
Rule
Severity: Medium
SSMC web server must set an inactive timeout for shell sessions.
2
Rule
Severity: Medium
The HPE 3PAR OS must be configured to terminate all network connections associated with a communications session at the end of the session, or after 10 minutes of inactivity.
2
Rule
Severity: Medium
AIX must config the SSH idle timeout interval.
2
Rule
Severity: Medium
AIX must set inactivity time-out on login sessions and terminate all login sessions after 10 minutes of inactivity.
2
Rule
Severity: Medium
The CA-TSS NEWPW control options must be properly set.
2
Rule
Severity: Medium
IBM z/OS PROFILE.TCPIP configuration INACTIVITY statement must be configured to 900 seconds.
2
Rule
Severity: Medium
CA-TSS VTHRESH Control Option values specified must be set to (10,NOT,CAN).
2
Rule
Severity: Medium
IBM z/OS must configure system wait times to protect resource availability based on site priorities.
2
Rule
Severity: Medium
IBM z/OS PROFILE.TCPIP configuration for the TN3270 Telnet server must have the INACTIVE statement properly specified.
2
Rule
Severity: Medium
MariaDB must automatically terminate a user's session after organization-defined conditions or trigger events requiring session disconnect.
1
Rule
Severity: Medium
MongoDB must automatically terminate a user session after organization-defined conditions or trigger events requiring session disconnect.
2
Rule
Severity: Low
The Exchange receive connector timeout must be limited.
2
Rule
Severity: Medium
Exchange must limit the Receive connector timeout.
2
Rule
Severity: Medium
The Idle Time-out monitor for each IIS 10.0 website must be enabled.
2
Rule
Severity: Medium
The IIS 10.0 websites connectionTimeout setting must be explicitly configured to disconnect an idle session.
2
Rule
Severity: Medium
The machine inactivity limit must be set to 15 minutes, locking the system with the screensaver.
2
Rule
Severity: Low
Windows Server 2022 directory service must be configured to terminate LDAP-based network connections to the directory server after five minutes of inactivity.
1
Rule
Severity: Medium
The DBMS must terminate the network connection associated with a communications session at the end of the session or after 15 minutes of inactivity.
2
Rule
Severity: Medium
The DBMS must terminate the network connection associated with a communications session at the end of the session or 15 minutes of inactivity.
2
Rule
Severity: Medium
The Oracle Linux operating system must be configured so that all network connections associated with SSH traffic are terminated after 10 minutes of becoming unresponsive.
2
Rule
Severity: Medium
OL 8 must be configured so that all network connections associated with SSH traffic terminate after becoming unresponsive.
2
Rule
Severity: Medium
OL 8 must be configured so that all network connections associated with SSH traffic are terminated after 10 minutes of becoming unresponsive.
2
Rule
Severity: Medium
The MySQL Database Server 8.0 must automatically terminate a user session after organization-defined conditions or trigger events requiring session disconnect.
2
Rule
Severity: Medium
Automation Controller must limit the number of concurrent sessions to an organization-defined number for all accounts and/or account types.
2
Rule
Severity: Medium
The Automation Controller web server must manage sessions.
1
Rule
Severity: Medium
The Red Hat Enterprise Linux operating system must be configured so that all network connections associated with a communication session are terminated at the end of the session or after 15 minutes of inactivity from the user at a command prompt, except to fulfill documented and validated mission requirements.
1
Rule
Severity: Medium
The Red Hat Enterprise Linux operating system must be configured so that all network connections associated with SSH traffic are terminated after 10 minutes of becoming unresponsive.
1
Rule
Severity: Medium
The Red Hat Enterprise Linux operating system must be configured so that all network connections associated with SSH traffic terminate after becoming unresponsive.
4
Rule
Severity: Medium
The SUSE operating system SSH daemon must be configured with a timeout interval.
4
Rule
Severity: Medium
The SUSE operating system for all network connections associated with SSH traffic must immediately terminate at the end of the session or after 10 minutes of inactivity.
2
Rule
Severity: Medium
RHEL 9 must be configured so that all network connections associated with SSH traffic terminate after becoming unresponsive.
2
Rule
Severity: Medium
RHEL 9 must be configured so that all network connections associated with SSH traffic are terminated after 10 minutes of becoming unresponsive.
2
Rule
Severity: Medium
Splunk Enterprise idle session timeout must be set to not exceed 15 minutes.
2
Rule
Severity: Medium
The VMM must automatically terminate a user session after inactivity timeouts have expired or at shutdown.
1
Rule
Severity: Medium
The ESXi host must set a timeout to automatically disable idle shell sessions after two minutes.
3
Rule
Severity: Medium
The ESXi host must set a timeout to automatically end idle shell sessions after fifteen minutes.
1
Rule
Severity: Medium
The Photon operating system must set a session inactivity timeout of 15 minutes or less.
3
Rule
Severity: Medium
The vCenter Server must terminate vSphere Client sessions after 15 minutes of inactivity.
1
Rule
Severity: Medium
The vCenter Server must terminate vSphere Client sessions after 10 minutes of inactivity.
3
Rule
Severity: Medium
The vCenter ESX Agent Manager service must set an inactive timeout for sessions.
3
Rule
Severity: Medium
The vCenter Lookup service must set an inactive timeout for sessions.
3
Rule
Severity: Medium
The vCenter Perfcharts service must set an inactive timeout for sessions.
3
Rule
Severity: Medium
The operating system must automatically terminate a user session after inactivity time-outs have expired.
3
Rule
Severity: Medium
The vCenter STS service must set an inactive timeout for sessions.
3
Rule
Severity: Medium
The vCenter UI service must set an inactive timeout for sessions.
1
Rule
Severity: Medium
The web server must set an absolute timeout for sessions.
2
Rule
Severity: Medium
The web server must set an inactive timeout for sessions.
1
Rule
Severity: Medium
The BIG-IP APM module access policy profile must be configured to automatically terminate user sessions for users connected to virtual servers when organization-defined conditions or trigger events occur that require a session disconnect.
1
Rule
Severity: Medium
The BIG-IP Core implementation must automatically terminate a user session for a user connected to virtual servers when organization-defined conditions or trigger events occur that require a session disconnect.
1
Rule
Severity: Medium
Idle timeout for the management application must be set to 10 minutes.
1
Rule
Severity: Medium
The macOS system must configure SSHD channel timeout to 900.
1
Rule
Severity: Medium
Ubuntu 22.04 LTS must automatically exit interactive command shell user sessions after 15 minutes of inactivity.
1
Rule
Severity: Medium
Dragos must configure idle timeouts at 10 minutes.
1
Rule
Severity: Medium
The Ivanti EPMM server must automatically terminate a user session after an organization-defined period of user inactivity.
1
Rule
Severity: Medium
Microsoft Intune service must initiate a session lock after a 15-minute period of inactivity.
1
Rule
Severity: Medium
SLEM 5 must be configured so that all network connections associated with SSH traffic are terminated after 10 minutes of becoming unresponsive.
1
Rule
Severity: Medium
TOSS must be configured so that all network connections associated with SSH traffic are terminated at the end of the session or after 10 minutes of inactivity, except to fulfill documented and validated mission requirements.
1
Rule
Severity: Medium
The web server must set an absolute session timeout value of eight hours or less.
Patternfly
PatternFly elements
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.
Modules