F5 BIG-IP TMOS ALG Security Technical Implementation Guide
F5BI-AP-300158
An XCCDF Group - A logical subset of the XCCDF Benchmark
1 Rule
The F5 BIG-IP appliance must be configured to set a Maximum Session Timeout value of eight hours or less.
Medium Severity
The Maximum Session Timeout setting configures a limit on the maximum amount of time a user's session is active without needing to reauthenticate. If the value is set to zero, the user's session is active until either the user terminates the session or the Inactivity Timeout value is reached (the default value is set to 604,800 seconds). When determining how long the maximum user session can last, it may be useful to review the access policy. For example, if the access policy requires that the user's antivirus signatures cannot be older than eight hours, the Maximum Session Timeout must not exceed that time limit. This is an APM Policy setting, which applies to APM authentication profiles for Virtual Servers and SSL VPN.
Documentable: false