The TippingPoint SMS must limit the maximum number of concurrent active sessions to one for the account of last resort.
An XCCDF Rule
Description
Limiting the number of allowed administrators and sessions per administrator based on account type, role, or access type is helpful in limiting risks related to DoS attacks. This requirement addresses concurrent sessions for administrative accounts and does not address concurrent sessions by a single administrator via multiple administrative accounts. The maximum number of concurrent sessions is defined by DoD as one based on operational environment for each system.

Documentable: false
- ID: SV-242231r710700_rule
- Severity: Low
- References
- Updated
Remediation - Manual Procedure
1. Log in to the SMS client.
2. Select >> "Edit" >> "Preferences". Select "Security" under "Session Preferences". Click the check box for "Limit number of total and user sessions".
3. Type 1 for the number of active sessions allowed for a user.
4. Click OK.