Applications requiring user access authentication must provide a logoff capability for user initiated communication session.

An XCCDF Rule

Details
Profiles
Prose

Description

<VulnDiscussion>If a user cannot explicitly end an application session, the session may remain open and be exploited by an attacker. Applications providing user access must provide the ability for users to manually terminate their sessions and log off.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>

ID: SV-222391r879674_rule
Severity: Medium
References: CCI-002363
Updated: about 1 year ago

Design and configure the application to provide all users with the capability to manually terminate their application session.

Applications requiring user access authentication must provide a logoff capability for user initiated communication session.

Description

Remediation - Manual Procedure