Skip to content
Log In

CCI-002361

Automatically terminate a user session after organization-defined conditions or trigger events requiring session disconnect.

Set Interactive Session Timeout

6 rules found Severity: Medium

Logo

Set SSH Client Alive Count Max to zero

30 rules found Severity: Medium

Logo

Set SSH Client Alive Count Max

31 rules found Severity: Medium

Logo

Set SSH Client Alive Interval

33 rules found Severity: Medium

Logo

Compliance Guardian must provide automated mechanisms for supporting account management functions.

1 rule found Severity: Medium

Logo

The BlackBerry Enterprise Mobility Server (BEMS) must be configured with an inactivity timeout of 15 minutes or less.

2 rules found Severity: Medium

Logo

The CA API Gateway providing user access control intermediary services must automatically terminate a user session when organization-defined conditions or trigger events that require a session disconnect occur.

1 rule found Severity: Medium

Logo

The DBN-6300 must automatically terminate a network administrator session after organization-defined conditions or trigger events requiring session disconnect.

1 rule found Severity: Medium

Logo

The Lifetime Minutes and Renewal Threshold Minutes Login Session Controls must be set to 10 and 0 respectively in Docker Enterprise.

1 rule found Severity: Medium

Logo

The Docker Enterprise per user limit login session control must be set per the requirements in the System Security Plan (SSP).

1 rule found Severity: Low

Logo

The storage system must terminate all network connections associated with a communications session at the end of the session, at shutdown, or after 10 minutes of inactivity.

1 rule found Severity: Medium

Logo

The DataPower Gateway must automatically terminate a network administrator session after organization-defined conditions or trigger events requiring session disconnect.

1 rule found Severity: Medium

Logo

IBM Aspera Console interactive session must be terminated after 10 minutes of inactivity for non-privileged and privileged sessions.

1 rule found Severity: Medium

Logo

IBM Aspera Faspex interactive session must be terminated after 10 minutes of inactivity for non-privileged and privileged sessions.

1 rule found Severity: Medium

Logo

The IBM Aspera Shares interactive session must be terminated after 10 minutes of inactivity for non-privileged and privileged sessions.

1 rule found Severity: Medium

Logo

The MQ Appliance messaging server must automatically terminate a SSH user session after organization-defined conditions or trigger events requiring a session disconnect.

1 rule found Severity: Medium

Logo

The MQ Appliance must automatically terminate a WebGUI user session after 600 seconds of idle time.

1 rule found Severity: Medium

Logo

DB2 must automatically terminate a user session after organization-defined conditions or trigger events requiring session disconnect.

1 rule found Severity: Medium

Logo

The WebSphere Application Server admin console session timeout must be configured.

1 rule found Severity: Medium

Logo

The MQ Appliance network device must automatically terminate a network administrator session after organization-defined conditions or trigger events requiring session disconnect.

1 rule found Severity: Medium

Logo

The Ivanti MobileIron Core server must automatically terminate a user session after an organization-defined period of user inactivity.

1 rule found Severity: Medium

Logo

The Exchange Receive connector timeout must be limited.

2 rules found Severity: Low

Logo

SQL Server must automatically terminate a user session after organization-defined conditions or trigger events requiring session disconnect.

1 rule found Severity: Medium

Logo

Nutanix AOS must automatically terminate a user session after inactivity time-outs have expired or at shutdown.

1 rule found Severity: Medium

Logo

Riverbed Optimization System (RiOS) must automatically terminate a network administrator session after organization-defined conditions or trigger events requiring session disconnect.

1 rule found Severity: Medium

Logo

Innoslate must use multifactor authentication for network access to privileged and non-privileged accounts.

1 rule found Severity: High

Logo

Tanium must set an absolute timeout for sessions.

1 rule found Severity: Medium

Logo

Tanium must set an inactive timeout for sessions.

1 rule found Severity: Medium

Logo

The Tanium application must set an absolute timeout for sessions.

1 rule found Severity: Medium

Logo

The Tanium application must set an inactive timeout for sessions.

4 rules found Severity: Medium

Logo

Tanium Operating System (TanOS) must automatically terminate a user session after organization-defined conditions or trigger events requiring session disconnect.

2 rules found Severity: Medium

Logo

The Ubuntu operating system must automatically terminate all network connections associated with SSH traffic at the end of the session or after 10 minutes of inactivity.

1 rule found Severity: Medium

Logo

MongoDB must automatically terminate a user session after organization-defined conditions or trigger events requiring session disconnect.

1 rule found Severity: Medium

Logo

The DBMS must terminate the network connection associated with a communications session at the end of the session or after 15 minutes of inactivity.

1 rule found Severity: Medium

Logo

PostgreSQL must automatically terminate a user session after organization-defined conditions or trigger events requiring session disconnect.

3 rules found Severity: Medium

Logo

The Red Hat Enterprise Linux operating system must be configured so that all network connections associated with a communication session are terminated at the end of the session or after 15 minutes of inactivity from the user at a command prompt, except to fulfill documented and validated mission requirements.

1 rule found Severity: Medium

Logo

The Red Hat Enterprise Linux operating system must be configured so that all network connections associated with SSH traffic are terminated after 10 minutes of becoming unresponsive.

1 rule found Severity: Medium

Logo

The Red Hat Enterprise Linux operating system must be configured so that all network connections associated with SSH traffic terminate after becoming unresponsive.

1 rule found Severity: Medium

Logo

The EDB Postgres Advanced Server must automatically terminate a user session after organization-defined conditions or trigger events requiring session disconnect.

2 rules found Severity: Medium

Logo

The BIG-IP APM module access policy profile must be configured to automatically terminate user sessions for users connected to virtual servers when organization-defined conditions or trigger events occur that require a session disconnect.

1 rule found Severity: Medium

Logo

The BIG-IP Core implementation must automatically terminate a user session for a user connected to virtual servers when organization-defined conditions or trigger events occur that require a session disconnect.

1 rule found Severity: Medium

Logo

Idle timeout for the management application must be set to 10 minutes.

1 rule found Severity: Medium

Logo

CA IDMS must automatically terminate a terminal session after organization-defined conditions or trigger events of terminal inactivity time.

1 rule found Severity: Medium

Logo

CA IDMS must automatically terminate a batch external request unit after organization-defined conditions or trigger events after the batch program abnormally terminates.

1 rule found Severity: Medium

Logo

CA IDMS must automatically terminate an external run-unit after organization-defined conditions or trigger events of time waiting to issue a database request.

1 rule found Severity: Medium

Logo

CA IDMS must automatically terminate a task or session after organization-defined conditions or trigger events of time waiting to get a resource and/or time of inactivity.

1 rule found Severity: Medium

Logo

The Ubuntu operating system must automatically terminate a user session after inactivity timeouts have expired.

1 rule found Severity: Medium

Logo

SSMC must terminate all network connections associated with a communications session at the end of the session, or as follows: for in-band management sessions (privileged sessions), the session must be terminated after 10 minutes of inactivity.

1 rule found Severity: Medium

Logo

SSMC web server must set an absolute timeout for sessions.

1 rule found Severity: Medium

Logo

SSMC web server must set an inactive timeout for sessions.

1 rule found Severity: Medium

Logo

SSMC web server must set an inactive timeout for shell sessions.

1 rule found Severity: Medium

Logo

The HPE 3PAR OS must be configured to terminate all network connections associated with a communications session at the end of the session, or after 10 minutes of inactivity.

1 rule found Severity: Medium

Logo

AIX must config the SSH idle timeout interval.

1 rule found Severity: Medium

Logo

AIX must set inactivity time-out on login sessions and terminate all login sessions after 10 minutes of inactivity.

1 rule found Severity: Medium

Logo

HTTP session timeout must be configured.

1 rule found Severity: Medium

Logo

The Ivanti EPMM server must automatically terminate a user session after an organization-defined period of user inactivity.

1 rule found Severity: Medium

Logo

The DBMS must automatically terminate a user session after organization-defined conditions or trigger events requiring session disconnect.

2 rules found Severity: Medium

Logo

Azure SQL Database must automatically terminate a user session after organization-defined conditions or trigger events requiring session disconnect.

1 rule found Severity: Medium

Logo

The Idle Time-out monitor for each IIS 10.0 website must be enabled.

1 rule found Severity: Medium

Logo

The IIS 10.0 websites connectionTimeout setting must be explicitly configured to disconnect an idle session.

1 rule found Severity: Medium

Logo

Microsoft Intune service must initiate a session lock after a 15-minute period of inactivity.

1 rule found Severity: Medium

Logo

The machine inactivity limit must be set to 15 minutes, locking the system with the screensaver.

1 rule found Severity: Medium

Logo

The Oracle Linux operating system must be configured so that all network connections associated with SSH traffic are terminated after 10 minutes of becoming unresponsive.

1 rule found Severity: Medium

Logo

The MySQL Database Server 8.0 must automatically terminate a user session after organization-defined conditions or trigger events requiring session disconnect.

1 rule found Severity: Medium

Logo

Automation Controller must limit the number of concurrent sessions to an organization-defined number for all accounts and/or account types.

1 rule found Severity: Medium

Logo

The Automation Controller web server must manage sessions.

1 rule found Severity: Medium

Logo

SLEM 5 must be configured so that all network connections associated with SSH traffic are terminated after 10 minutes of becoming unresponsive.

1 rule found Severity: Medium

Logo

Splunk Enterprise idle session timeout must be set to not exceed 15 minutes.

1 rule found Severity: Medium

Logo

Splunk Enterprise idle session timeout must be set to not exceed 15 minutes.

1 rule found Severity: Medium

Logo

TOSS must be configured so that all network connections associated with SSH traffic are terminated at the end of the session or after 10 minutes of inactivity, except to fulfill documented and validated mission requirements.

1 rule found Severity: Medium

Logo

The web server must set an absolute session timeout value of eight hours or less.

1 rule found Severity: Medium

Logo

The web server must set an inactive timeout for sessions.

1 rule found Severity: Medium

Logo

NixOS must terminate all SSH connections after 10 minutes of becoming unresponsive.

1 rule found Severity: Medium

Logo

The Apache web server must invalidate session identifiers upon hosted application user logout or other session termination.

1 rule found Severity: Medium

Logo

The Apache web server must set an inactive timeout for sessions.

1 rule found Severity: Medium

Logo

The Apache web server must set an absolute timeout for sessions.

2 rules found Severity: Medium

Logo

The Apache web server must set an inactive timeout for completing the TLS handshake

1 rule found Severity: Medium

Logo

The Apache web server must set an inactive timeout for completing the TLS handshake.

1 rule found Severity: Medium

Logo

The macOS system must configure SSHD Channel Timeout to 900.

1 rule found Severity: Medium

Logo

The macOS system must configure SSHD unused connection timeout to 900.

2 rules found Severity: Medium

Logo

The macOS system must enforce auto logout after 86400 seconds of inactivity.

2 rules found Severity: Medium

Logo

The macOS system must configure SSHD channel timeout to 900.

1 rule found Severity: Medium

Logo

The application server must automatically terminate a user session after organization-defined conditions or trigger events requiring a session disconnect.

1 rule found Severity: Medium

Logo

The ALG providing user access control intermediary services must automatically terminate a user session when organization-defined conditions or trigger events that require a session disconnect occur.

1 rule found Severity: Medium

Logo

The application must clear temporary storage and cookies when the session is terminated.

1 rule found Severity: Medium

Logo

The application must automatically terminate the non-privileged user session and log off non-privileged users after a 15 minute idle time period has elapsed.

1 rule found Severity: Medium

Logo

The application must automatically terminate the admin user session and log off admin users after a 10 minute idle time period is exceeded.

1 rule found Severity: Medium

Logo

Ubuntu 22.04 LTS must automatically exit interactive command shell user sessions after 15 minutes of inactivity.

1 rule found Severity: Medium

Logo

The Central Log Server must automatically terminate a user session after organization-defined conditions or trigger events requiring session disconnect.

1 rule found Severity: Medium

Logo

AlmaLinux OS 9 must be configured so that all network connections associated with SSH traffic are terminated after 10 minutes of becoming unresponsive.

1 rule found Severity: Medium

Logo

Dragos must configure idle timeouts at 10 minutes.

1 rule found Severity: Medium

Logo

For TLS connections, Forescout must automatically terminate the session when a client certificate is requested and the client does not have a suitable certificate. This is required for compliance with C2C Step 1.

1 rule found Severity: Medium

Logo

The operating system must automatically terminate a user session after inactivity time-outs have expired or at shutdown.

1 rule found Severity: Medium

Logo

IBM z/OS PROFILE.TCPIP configuration INACTIVITY statement must be configured to 900 seconds.

1 rule found Severity: Medium

Logo

IBM z/OS must configure system wait times to protect resource availability based on site priorities.

1 rule found Severity: Medium

Logo

The CA-TSS NEWPW control options must be properly set.

1 rule found Severity: Medium

Logo

CA-TSS VTHRESH Control Option values specified must be set to (10,NOT,CAN).

1 rule found Severity: Medium

Logo

IBM z/OS PROFILE.TCPIP configuration for the TN3270 Telnet server must have the INACTIVE statement properly specified.

1 rule found Severity: Medium

Logo

The Mainframe Product must automatically terminate a user session after conditions, as defined in site security plan, are met or trigger events requiring session disconnect.

1 rule found Severity: Medium

Logo

The Juniper SRX Services Gateway must be configured to use an authentication server to centrally apply authentication and logon settings for remote and nonlocal access for device management.

1 rule found Severity: Medium

Logo

MariaDB must automatically terminate a user's session after organization-defined conditions or trigger events requiring session disconnect.

1 rule found Severity: Medium

Logo

The Juniper SRX Services Gateway VPN must renegotiate the IPsec security association after 8 hours or less.

1 rule found Severity: Medium

Logo

The Juniper SRX Services Gateway VPN must renegotiate the IKE security association after 24 hours or less.

1 rule found Severity: Medium

Logo

Exchange must limit the Receive connector timeout.

1 rule found Severity: Medium

Logo

The Exchange receive connector timeout must be limited.

1 rule found Severity: Low

Logo

Windows Server 2022 directory service must be configured to terminate LDAP-based network connections to the directory server after five minutes of inactivity.

1 rule found Severity: Low

Logo

The DBMS must terminate the network connection associated with a communications session at the end of the session or 15 minutes of inactivity.

1 rule found Severity: Medium

Logo

OL 8 must be configured so that all network connections associated with SSH traffic terminate after becoming unresponsive.

1 rule found Severity: Medium

Logo

OL 8 must be configured so that all network connections associated with SSH traffic are terminated after 10 minutes of becoming unresponsive.

1 rule found Severity: Medium

Logo

RHEL 9 must be configured so that all network connections associated with SSH traffic terminate after becoming unresponsive.

1 rule found Severity: Medium

Logo

RHEL 9 must be configured so that all network connections associated with SSH traffic are terminated after 10 minutes of becoming unresponsive.

1 rule found Severity: Medium

Logo

The SUSE operating system SSH daemon must be configured with a timeout interval.

2 rules found Severity: Medium

Logo

The SUSE operating system for all network connections associated with SSH traffic must immediately terminate at the end of the session or after 10 minutes of inactivity.

2 rules found Severity: Medium

Logo

The UEM server must automatically terminate a user session after an organization-defined period of user inactivity.

1 rule found Severity: Medium

Logo

The VMM must automatically terminate a user session after inactivity timeouts have expired or at shutdown.

1 rule found Severity: Medium

Logo

The ESXi host must set a timeout to automatically disable idle shell sessions after two minutes.

1 rule found Severity: Medium

Logo

The ESXi host must set a timeout to automatically end idle shell sessions after fifteen minutes.

2 rules found Severity: Medium

Logo

The Photon operating system must set a session inactivity timeout of 15 minutes or less.

1 rule found Severity: Medium

Logo

The vCenter Server must terminate vSphere Client sessions after 15 minutes of inactivity.

2 rules found Severity: Medium

Logo

The vCenter ESX Agent Manager service must set an inactive timeout for sessions.

2 rules found Severity: Medium

Logo

The vCenter Lookup service must set an inactive timeout for sessions.

2 rules found Severity: Medium

Logo

The vCenter Server must terminate vSphere Client sessions after 10 minutes of inactivity.

1 rule found Severity: Medium

Logo

The vCenter Perfcharts service must set an inactive timeout for sessions.

2 rules found Severity: Medium

Logo

The operating system must automatically terminate a user session after inactivity time-outs have expired.

2 rules found Severity: Medium

Logo

The vCenter STS service must set an inactive timeout for sessions.

2 rules found Severity: Medium

Logo

The vCenter UI service must set an inactive timeout for sessions.

2 rules found Severity: Medium

Logo

Nutanix AOS must automatically terminate a user session after 15 minutes of inactivity.

1 rule found Severity: Medium

Logo