
Applications requiring user access authentication must provide a logoff capability for user initiated communication session.

An XCCDF Rule

Description

If a user cannot explicitly end an application session, the session may remain open and be exploited by an attacker. Applications providing user access must provide the ability for users to manually terminate their sessions and log off.

Documentable: false

ID
SV-222391r961224_rule
Severity
Medium



Remediation - Manual Procedure

Design and configure the application to provide all users with the capability to manually terminate their application session.