1.8.3 Ensure 'HTTP idle timeout' is less than or equal to '5' minutes

Information

Sets the timeout for an HTTP session idle before the security appliance terminates it.

Rationale:

Limiting session idle timeout prevents unauthorized users from using abandoned sessions to perform malicious activities.

Solution

Step 1: Run the following to set the HTTP timeout to less than or equal to 5 minutes

hostname(config)# http server idle-timeout 5

Default Value:

The default session timeout value is 20 minutes.

See Also

https://workbench.cisecurity.org/files/3294

Item Details

Category: CONFIGURATION MANAGEMENT

References: 800-53|CM-2, CSCv7|11.1

Plugin: Cisco

Control ID: 4c2fab67ae04fc8fbf220ece988655eb942ce0d5a43b628da9faf3f085e7fd60