The network device must be configured to provide a logout mechanism for administrator-initiated communication sessions.

An XCCDF Rule

Details
Profiles

Description

If an administrator cannot explicitly end a device management session, the session may remain open and be exploited by an attacker; this is referred to as a zombie session.

ID: SV-202085r961224_rule
Version: SRG-APP-000296-NDM-000280
Severity: Medium
References: CCI-002363
Updated: 16 days ago

Remediation Templates

Configure the network device to provide a logout capability for administrator-initiated communication sessions.

The network device must be configured to provide a logout mechanism for administrator-initiated communication sessions.

Description

Remediation Templates

A Manual Procedure