1.8.3 Ensure 'HTTP idle timeout' is less than or equal to '5' minutes

Information

Sets the timeout for an HTTP session idle before the security appliance terminates it.

Rationale:

Limiting session idle timeout prevents unauthorized users from using abandoned sessions to perform malicious activities.

Solution

Step 1: Run the following to set the HTTP timeout to less than or equal to 5 minutes

hostname(config)# http server idle-timeout 5

Default Value:

The default session timeout value is 20 minutes.

See Also

https://workbench.cisecurity.org/files/3246

Item Details

Category: CONFIGURATION MANAGEMENT

References: 800-53|CM-2, CSCv7|11.1

Plugin: Cisco

Control ID: f6cdabce3ccb6d8dfc4acb79a10ee3a0b587bbe6ff061d6865a8d492a6785e4f