The Lifetime Minutes and Renewal Threshold Minutes Login Session Controls on MKE must be set.

An XCCDF Rule

Description

<VulnDiscussion>The "Lifetime Minutes" and "Renewal Threshold Minutes" login session controls in MKE are part of security features that help manage user sessions within the MKE environment. Setting these controls is essential. MKE must terminate all network connections associated with a communications session at the end of the session, or as follows: For in-band management sessions (privileged sessions), the session must be terminated after 10 minutes of inactivity.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>

ID: SV-260903r1015767_rule
Severity: Medium
References: CCI-001133 CCI-002007 CCI-002038 CCI-004895
Updated: 19 days ago

Log in to the MKE web UI and navigate to admin >> Admin Settings >> Authentication & Authorization.

- Below Lifetime Minutes, enter "10".
- Below Renewal Threshold, enter "0".
- Click "Save".

The Lifetime Minutes and Renewal Threshold Minutes Login Session Controls on MKE must be set.

Description

Remediation - Manual Procedure