
Applications requiring user access authentication must provide a logoff capability for user initiated communication session.

An XCCDF Rule

Description

If a user cannot explicitly end an application session, the session may remain open and be exploited by an attacker. Applications providing user access must provide the ability for users to manually terminate their sessions and log off.

ID: SV-222391r961224_rule
Version: APSC-DV-000090
Severity: Medium

Remediation Templates

A Manual Procedure

Design and configure the application to provide all users with the capability to manually terminate their application session.
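
One way to satisfy this requirement, shown as an added example that is not part of the rule text or any product's code: logoff destroys the server-side session record, so a copy of the old token cannot be replayed after the user logs off. The names `SessionStore` and `logout_response` and the cookie name `session` are assumptions made for illustration.

```python
import hashlib
import secrets

# Assumed cookie name "session"; Max-Age=0 tells the browser to discard it.
CLEAR_COOKIE = "session=; Max-Age=0; Path=/; HttpOnly; Secure; SameSite=Lax"


class SessionStore:
    """In-memory server-side session table (hypothetical stand-in for a
    framework's session backend)."""

    def __init__(self):
        self._sessions = {}  # sha256(token) -> user name

    @staticmethod
    def _key(token):
        # Store only a hash so a dump of the table does not yield usable tokens.
        return hashlib.sha256(token.encode()).hexdigest()

    def login(self, user):
        token = secrets.token_urlsafe(32)
        self._sessions[self._key(token)] = user
        return token

    def authenticate(self, token):
        """Return the user for a live session, or None."""
        return self._sessions.get(self._key(token))

    def logout(self, token):
        """User-initiated logoff. Returns True if a live session was ended."""
        return self._sessions.pop(self._key(token), None) is not None


def logout_response(store, token):
    """Handler body for a logoff request: invalidate on the server first,
    then instruct the client to drop its cookie. Idempotent by design."""
    store.logout(token)
    return 204, {"Set-Cookie": CLEAR_COOKIE, "Cache-Control": "no-store"}


def demo():
    store = SessionStore()
    alice, bob = store.login("alice"), store.login("bob")  # constructed users
    before = store.authenticate(alice)
    status, headers = logout_response(store, alice)
    replay = store.authenticate(alice)  # old token presented after logoff
    return before, status, replay, store.authenticate(bob), store.logout(alice)


if __name__ == "__main__":
    print(demo())
```

Clearing the cookie alone does not end the session; the check that matters when validating this control is that the old token is rejected by the server after logoff.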