Skip to content

The application must terminate all network connections associated with a communications session at the end of the session.

An XCCDF Rule

Description

<VulnDiscussion>Networked applications routinely open connections to and from other systems as part of their design and function. When connections are opened by the application, system resources are consumed. Terminating the network connection at the end of the application session frees up these resources for later use and aids in maintaining system stability. Terminating network connections associated with communications sessions includes, for example, de-allocating associated TCP/IP address/port pairs at the operating system level, or de-allocating networking assignments at the application level if multiple application sessions are using a single, operating system level network connection. This does not mean that the application terminates all sessions or network access; it only ends the inactive session and releases the resources associated with that session. Many applications rely on the underlying OS to control the network connection aspect of the application which is perfectly acceptable. Additionally, application specific operational issues may occasionally be encountered which dictate exceptions be granted to this requirement in order to ensure continuity of operations and application availability. When the aforementioned type of situation occurs, the root cause of the issue as well as the mitigations implemented in order to prevent a loss of availability must be documented. Common mitigation procedures include but are not limited to stopping and restarting application or system services in order to manually release system resources.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>

ID
SV-222568r961068_rule
Severity
Medium
References
Updated



Remediation - Manual Procedure

Configure or design the application to terminate application network sessions at the end of the session.