800-53|AC-10

Title

CONCURRENT SESSION CONTROL

Description

The information system limits the number of concurrent sessions for each [Assignment: organization-defined account and/or account type] to [Assignment: organization-defined number].

Supplemental

Organizations may define the maximum number of concurrent sessions for information system accounts globally, by account type (e.g., privileged user, non-privileged user, domain, specific application), by account, or a combination. For example, organizations may limit the number of concurrent sessions for system administrators or individuals working in particularly sensitive domains or mission-critical applications. This control addresses concurrent sessions for information system accounts and does not address concurrent sessions by single users via multiple system accounts.

Reference Item Details

Category: ACCESS CONTROL

Family: ACCESS CONTROL

Priority: P3

Baseline Impact: HIGH

Audit Items

Name | Plugin | Audit Name
1.5.5 Ensure number of concurrent sessions is limited | Unix | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
3.1.11 Set maximum connection limits - MAX_CONNECTIONS | Unix | CIS IBM DB2 v10 v1.1.0 Linux OS Level 1
3.1.11 Set maximum connection limits - MAX_CONNECTIONS | Unix | CIS IBM DB2 v10 v1.1.0 Linux OS Level 2
3.1.11 Set maximum connection limits - MAX_COORDAGENTS | Unix | CIS IBM DB2 v10 v1.1.0 Linux OS Level 2
3.1.11 Set maximum connection limits - MAX_COORDAGENTS | Unix | CIS IBM DB2 v10 v1.1.0 Linux OS Level 1
3.1.11 Set maximum connection limits - MAXAPPLS | Unix | CIS IBM DB2 v10 v1.1.0 Linux OS Level 2
3.1.11 Set maximum connection limits - MAXAPPLS | Unix | CIS IBM DB2 v10 v1.1.0 Linux OS Level 1
3.1.14 Set maximum connection limits - 'max_connections <= 100' | Unix | CIS IBM DB2 OS L2 v1.2.0
3.1.14 Set maximum connection limits - 'max_coordagents <= 100' | Unix | CIS IBM DB2 OS L2 v1.2.0
3.1.14 Set maximum connection limits - 'maxappls <= 99' | Unix | CIS IBM DB2 OS L2 v1.2.0
3.1.14 Set maximum connection limits - MAX_CONNECTIONS | IBM_DB2DB | CIS IBM DB2 9 Benchmark v3.0.1 Level 1 DB
3.1.14 Set maximum connection limits - MAX_CONNECTIONS | IBM_DB2DB | CIS IBM DB2 9 Benchmark v3.0.1 Level 2 DB
3.1.14 Set maximum connection limits - MAX_COORDAGENTS | IBM_DB2DB | CIS IBM DB2 9 Benchmark v3.0.1 Level 1 DB
3.1.14 Set maximum connection limits - MAX_COORDAGENTS | IBM_DB2DB | CIS IBM DB2 9 Benchmark v3.0.1 Level 2 DB
4.1.12 Set Maximum Number of Applications (MAXAPPLS) | Unix | CIS IBM DB2 11 v1.0.0 Linux OS Level 2
4.1.12 Set Maximum Number of Applications (MAXAPPLS) | Unix | CIS IBM DB2 11 v1.0.0 Linux OS Level 1
4.2.21 Ensure SSH MaxSessions is set to 10 or less | Unix | CIS Ubuntu Linux 20.04 LTS Workstation L1 v2.0.1
4.2.21 Ensure SSH MaxSessions is set to 10 or less | Unix | CIS Ubuntu Linux 20.04 LTS Server L1 v2.0.1
4.2.21 Ensure SSH MaxSessions is set to 10 or less | Unix | CIS Debian 10 Server L1 v2.0.0
4.2.21 Ensure SSH MaxSessions is set to 10 or less | Unix | CIS Debian 10 Workstation L1 v2.0.0
5.2.19 Ensure SSH LoginGraceTime is set to one minute or less - sshd output | Unix | CIS Red Hat EL9 Workstation L1 v1.0.0
5.2.19 Ensure SSH LoginGraceTime is set to one minute or less - sshd output | Unix | CIS Oracle Linux 9 Server L1 v1.0.0
5.2.19 Ensure SSH LoginGraceTime is set to one minute or less - sshd output | Unix | CIS AlmaLinux OS 9 Server L1 v1.0.0
5.2.19 Ensure SSH LoginGraceTime is set to one minute or less - sshd output | Unix | CIS Rocky Linux 9 Workstation L1 v1.0.0
5.2.19 Ensure SSH LoginGraceTime is set to one minute or less - sshd output | Unix | CIS AlmaLinux OS 9 Workstation L1 v1.0.0
5.2.19 Ensure SSH LoginGraceTime is set to one minute or less - sshd output | Unix | CIS Red Hat EL9 Server L1 v1.0.0
5.2.19 Ensure SSH LoginGraceTime is set to one minute or less - sshd output | Unix | CIS Rocky Linux 9 Server L1 v1.0.0
5.2.19 Ensure SSH LoginGraceTime is set to one minute or less - sshd output | Unix | CIS Oracle Linux 9 Workstation L1 v1.0.0
5.2.20 Ensure SSH MaxSessions is set to 10 or less | Unix | CIS Debian Linux 11 Server L1 v1.0.0
5.2.20 Ensure SSH MaxSessions is set to 10 or less | Unix | CIS Ubuntu Linux 22.04 LTS Server L1 v1.0.0
5.2.20 Ensure SSH MaxSessions is set to 10 or less | Unix | CIS Debian Linux 11 Workstation L1 v1.0.0
5.2.20 Ensure SSH MaxSessions is set to 10 or less | Unix | CIS Ubuntu Linux 22.04 LTS Workstation L1 v1.0.0
5.3.22 Ensure SSH MaxSessions is limited | Unix | CIS Ubuntu Linux 18.04 LTS Server L1 v2.1.0
5.3.22 Ensure SSH MaxSessions is limited | Unix | CIS Ubuntu Linux 18.04 LTS Workstation L1 v2.1.0
5.9 Ensure number of concurrent sessions is limited | Unix | CIS Amazon Linux 2 STIG v1.0.0 L3
5.11 Disable ability to login to another user's active and locked session | Unix | CIS Apple OSX 10.10 Yosemite L1 v1.2.0
5.11 Disable ability to login to another user's active and locked session | Unix | CIS Apple OSX 10.11 El Capitan L1 v1.1.0
5.11 Disable ability to login to another user's active and locked session | Unix | CIS Apple OSX 10.9 L1 v1.3.0
5.13 Disable ability to login to another user's active and locked session | Unix | CIS Apple macOS 10.12 L1 v1.2.0
5.15 Disable Fast User Switching | Unix | CIS Apple OSX 10.10 Yosemite L2 v1.2.0
5.15 Disable Fast User Switching | Unix | CIS Apple OSX 10.9 L2 v1.3.0
5.15 Disable Fast User Switching | Unix | CIS Apple OSX 10.11 El Capitan L2 v1.1.0
5.16 Disable Fast User Switching | Unix | CIS Apple macOS 10.13 L2 v1.1.0
5.17 Disable Fast User Switching | Unix | CIS Apple macOS 10.12 L2 v1.2.0
9.2 Ensure KeepAlive Is Enabled | Unix | CIS Apache HTTP Server 2.2 L1 v3.6.0 Middleware
AIX7-00-001004 - AIX must limit the number of concurrent sessions to 10 for all accounts and/or account types. | Unix | DISA STIG AIX 7.x v2r8
AOSX-14-000050 - The macOS system must limit the number of concurrent SSH sessions to 10 for all accounts and/or account types. | Unix | DISA STIG Apple Mac OSX 10.14 v2r6
AS24-U1-000010 - The Apache web server must limit the number of allowed simultaneous session requests - KeepAlive | Unix | DISA STIG Apache Server 2.4 Unix Server v2r6
AS24-U1-000010 - The Apache web server must limit the number of allowed simultaneous session requests - KeepAlive | Unix | DISA STIG Apache Server 2.4 Unix Server v2r6 Middleware
AS24-U1-000010 - The Apache web server must limit the number of allowed simultaneous session requests - MaxKeepAliveRequests | Unix | DISA STIG Apache Server 2.4 Unix Server v2r6