| AIX7-00-002105 - AIX must config the SSH idle timeout interval. | DISA STIG AIX 7.x v2r9 | Unix | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION |
| AS24-U1-000460 - The Apache web server must invalidate session identifiers upon hosted application user logout or other session termination. | DISA STIG Apache Server 2.4 Unix Server v2r6 Middleware | Unix | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION |
| AS24-U1-000460 - The Apache web server must invalidate session identifiers upon hosted application user logout or other session termination. | DISA STIG Apache Server 2.4 Unix Server v2r6 | Unix | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION |
| AS24-U1-000650 - The Apache web server must set an inactive timeout for sessions - reqtimeout_module | DISA STIG Apache Server 2.4 Unix Server v2r6 Middleware | Unix | ACCESS CONTROL |
| AS24-U1-000650 - The Apache web server must set an inactive timeout for sessions - reqtimeout_module | DISA STIG Apache Server 2.4 Unix Server v2r6 | Unix | ACCESS CONTROL |
| AS24-U1-000650 - The Apache web server must set an inactive timeout for sessions. | DISA STIG Apache Server 2.4 Unix Server v2r6 Middleware | Unix | ACCESS CONTROL |
| AS24-U1-000650 - The Apache web server must set an inactive timeout for sessions. | DISA STIG Apache Server 2.4 Unix Server v2r6 | Unix | ACCESS CONTROL |
| AS24-W1-000650 - The Apache web server must set an inactive timeout for completing the TLS handshake - mod_reqtimeout | DISA STIG Apache Server 2.4 Windows Server v2r3 | Windows | ACCESS CONTROL |
| AS24-W2-000650 - The Apache web server must set an inactive timeout for completing the TLS handshake - mod_reqtimeout | DISA STIG Apache Server 2.4 Windows Site v2r1 | Windows | ACCESS CONTROL |
| AS24-W2-000650 - The Apache web server must set an inactive timeout for completing the TLS handshake - RequestReadTimeout | DISA STIG Apache Server 2.4 Windows Site v2r1 | Windows | ACCESS CONTROL |
| DB2X-00-006400 - DB2 must automatically terminate a user session after organization-defined conditions or trigger events requiring session disconnect. | DISA STIG IBM DB2 v10.5 LUW v2r1 Database | IBM_DB2DB | ACCESS CONTROL |
| DKER-EE-002970 - The Docker Enterprise per user limit login session control must be set per the requirements in the System Security Plan (SSP). | DISA STIG Docker Enterprise 2.x Linux/Unix UCP v2r1 | Unix | ACCESS CONTROL |
| EP11-00-006700 - The EDB Postgres Advanced Server must automatically terminate a user session after organization-defined conditions or trigger events requiring session disconnect. | EDB PostgreSQL Advanced Server v11 DB Audit v2r2 | PostgreSQLDB | ACCESS CONTROL |
| EX13-MB-000275 - The Exchange Receive connector timeout must be limited. | DISA Microsoft Exchange 2013 Mailbox Server STIG v2r2 | Windows | ACCESS CONTROL |
| EX16-MB-000550 - The Exchange Receive connector timeout must be limited. | DISA Microsoft Exchange 2016 Mailbox Server STIG v2r6 | Windows | ACCESS CONTROL |
| F5BI-AP-000147 - The BIG-IP APM module access policy profile must be configured to automatically terminate user sessions for users connected to virtual servers when organization-defined conditions or trigger events occur that require a session disconnect. | DISA F5 BIG-IP Access Policy Manager STIG v2r3 | F5 | ACCESS CONTROL |
| F5BI-LT-000147 - The BIG-IP Core implementation must automatically terminate a user session for a user connected to virtual servers when organization-defined conditions or trigger events occur that require a session disconnect. | DISA F5 BIG-IP Local Traffic Manager STIG v2r3 | F5 | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| IIST-SI-000235 - The Idle Time-out monitor for each IIS 10.0 website must be enabled. | DISA IIS 10.0 Site v2r9 | Windows | ACCESS CONTROL |
| IIST-SI-000236 - The IIS 10.0 websites connectionTimeout setting must be explicitly configured to disconnect an idle session. | DISA IIS 10.0 Site v2r9 | Windows | ACCESS CONTROL |
| IISW-SI-000235 - The Idle Time-out monitor for each IIS 8.5 website must be enabled. | DISA IIS 8.5 Site v2r9 | Windows | ACCESS CONTROL |
| IISW-SI-000236 - The IIS 8.5 websites connectionTimeout setting must be explicitly configured to disconnect an idle session. | DISA IIS 8.5 Site v2r9 | Windows | ACCESS CONTROL |
| JUSX-DM-000096 - The Juniper SRX Services Gateway must be configured to use an authentication server to centrally apply authentication and logon settings for remote and nonlocal access for device management. | DISA Juniper SRX Services Gateway NDM v2r1 | Juniper | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| JUSX-VN-000002 - The Juniper SRX Services Gateway VPN must renegotiate the IPsec security association after 8 hours or less. | DISA Juniper SRX Services Gateway VPN v2r2 | Juniper | ACCESS CONTROL |
| JUSX-VN-000003 - The Juniper SRX Services Gateway VPN must renegotiate the IKE security association after 24 hours or less. | DISA Juniper SRX Services Gateway VPN v2r2 | Juniper | ACCESS CONTROL |
| O112-C2-016500 - The DBMS must terminate the network connection associated with a communications session at the end of the session or after 15 minutes of inactivity. | DISA STIG Oracle 11.2g v2r3 Database | OracleDB | ACCESS CONTROL |
| O121-C2-016500 - The DBMS must terminate the network connection associated with a communications session at the end of the session or 15 minutes of inactivity. | DISA STIG Oracle 12c v2r8 Database | OracleDB | ACCESS CONTROL |
| OL07-00-040320 - The Oracle Linux operating system must be configured so that all network connections associated with SSH traffic are terminated after 10 minutes of becoming unresponsive. | DISA Oracle Linux 7 STIG v2r14 | Unix | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION |
| OL08-00-010200 - OL 8 must be configured so that all network connections associated with SSH traffic terminate after becoming unresponsive. | DISA Oracle Linux 8 STIG v1r8 | Unix | ACCESS CONTROL, MAINTENANCE, SYSTEM AND COMMUNICATIONS PROTECTION |
| OL08-00-010201 - OL 8 must be configured so that all network connections associated with SSH traffic are terminated after 10 minutes of becoming unresponsive. | DISA Oracle Linux 8 STIG v1r8 | Unix | ACCESS CONTROL, MAINTENANCE, SYSTEM AND COMMUNICATIONS PROTECTION |
| PGS9-00-011600 - PostgreSQL must automatically terminate a user session after organization-defined conditions or trigger events requiring session disconnect. | DISA STIG PostgreSQL 9.x on RHEL DB v2r3 | PostgreSQLDB | ACCESS CONTROL |
| PHTN-30-000005 - The Photon operating system must set a session inactivity timeout of 15 minutes or less. | DISA STIG VMware vSphere 7.0 Photon OS v1r2 | Unix | ACCESS CONTROL, MAINTENANCE |
| PHTN-67-000005 - The Photon operating system must set a session inactivity timeout of 15 minutes or less - duration | DISA STIG VMware vSphere 6.7 Photon OS v1r6 | Unix | ACCESS CONTROL, MAINTENANCE |
| PHTN-67-000005 - The Photon operating system must set a session inactivity timeout of 15 minutes or less - export | DISA STIG VMware vSphere 6.7 Photon OS v1r6 | Unix | ACCESS CONTROL, MAINTENANCE |
| PHTN-67-000005 - The Photon operating system must set a session inactivity timeout of 15 minutes or less - mesg | DISA STIG VMware vSphere 6.7 Photon OS v1r6 | Unix | ACCESS CONTROL, MAINTENANCE |
| PHTN-67-000005 - The Photon operating system must set a session inactivity timeout of 15 minutes or less - readonly | DISA STIG VMware vSphere 6.7 Photon OS v1r6 | Unix | ACCESS CONTROL, MAINTENANCE |
| PPS9-00-006700 - The EDB Postgres Advanced Server must automatically terminate a user session after organization-defined conditions or trigger events requiring session disconnect. | EDB PostgreSQL Advanced Server DB Audit v2r2 | PostgreSQLDB | ACCESS CONTROL |
| RHEL-06-000071 - The system must be configured so that all network connections associated with a communication session are terminated at the end of the session or after 15 minutes of inactivity from the user at a command prompt, except to fulfill documented and validated mission requirements. | DISA Red Hat Enterprise Linux 6 STIG v2r2 | Unix | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION |
| RHEL-07-040160 - The Red Hat Enterprise Linux operating system must be configured so that all network connections associated with a communication session are terminated at the end of the session or after 15 minutes of inactivity from the user at a command prompt, except to fulfill documented and validated mission requirements. | DISA Red Hat Enterprise Linux 7 STIG v3r14 | Unix | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION |
| RHEL-07-040320 - The Red Hat Enterprise Linux operating system must be configured so that all network connections associated with SSH traffic are terminated after 10 minutes of becoming unresponsive. | DISA Red Hat Enterprise Linux 7 STIG v3r14 | Unix | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION |
| RHEL-07-040340 - The Red Hat Enterprise Linux operating system must be configured so that all network connections associated with SSH traffic terminate after becoming unresponsive. | DISA Red Hat Enterprise Linux 7 STIG v3r14 | Unix | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION |
| SLES-15-010280 - The SUSE operating system SSH daemon must be configured with a timeout interval. | DISA SLES 15 STIG v1r12 | Unix | ACCESS CONTROL, MAINTENANCE, SYSTEM AND COMMUNICATIONS PROTECTION |
| SLES-15-010320 - The SUSE operating system for all network connections associated with SSH traffic must immediately terminate at the end of the session or after 10 minutes of inactivity. | DISA SLES 15 STIG v1r12 | Unix | ACCESS CONTROL, MAINTENANCE, SYSTEM AND COMMUNICATIONS PROTECTION |
| SPLK-CL-000190 - Splunk Enterprise idle session timeout must be set to not exceed 15 minutes. | DISA STIG Splunk Enterprise 7.x for Windows v2r4 REST API | Splunk | ACCESS CONTROL |
| SQL4-00-031700 - SQL Server must automatically terminate a user session after organization-defined conditions or trigger events requiring session disconnect. | DISA STIG SQL Server 2014 Instance DB Audit v2r3 | MS_SQLDB | ACCESS CONTROL |
| TCAT-AS-000970 - Idle timeout for management application must be set to 10 minutes. | DISA STIG Apache Tomcat Application Server 9 v2r6 | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION |
| TCAT-AS-000970 - Idle timeout for management application must be set to 10 minutes. | DISA STIG Apache Tomcat Application Server 9 v2r6 Middleware | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION |
| UBTU-18-010416 - The Ubuntu operating system must automatically terminate all network connections associated with SSH traffic at the end of the session or after 10 minutes of inactivity. | DISA STIG Ubuntu 18.04 LTS v2r13 | Unix | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION |
| VCSA-70-000089 - The vCenter Server must terminate vSphere Client sessions after 10 minutes of inactivity. | DISA STIG VMware vSphere 7.0 vCenter v1r2 | VMware | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| WN12-SO-000031 - The amount of idle time required before suspending a session must be properly set. | DISA Windows Server 2012 and 2012 R2 MS STIG v3r7 | Windows | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION |
| WN12-SO-000031 - The amount of idle time required before suspending a session must be properly set. | DISA Windows Server 2012 and 2012 R2 DC STIG v3r7 | Windows | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION |
