Applications requiring user access authentication must provide a logoff capability for user initiated communication session.
An XCCDF Rule
Description
If a user cannot explicitly end an application session, the session may remain open and be exploited by an attacker. Applications providing user access must provide the ability for users to manually terminate their sessions and log off.
Documentable: false
- ID: SV-222391r961224_rule
- Severity: Medium
- References
- Updated
Remediation - Manual Procedure
Design and configure the application to provide all users with the capability to manually terminate their application session.