800-53|AC-10

Title

CONCURRENT SESSION CONTROL

Description

The information system limits the number of concurrent sessions for each [Assignment: organization-defined account and/or account type] to [Assignment: organization-defined number].

Supplemental

Organizations may define the maximum number of concurrent sessions for information system accounts globally, by account type (e.g., privileged user, non-privileged user, domain, specific application), by account, or a combination. For example, organizations may limit the number of concurrent sessions for system administrators or individuals working in particularly sensitive domains or mission-critical applications. This control addresses concurrent sessions for information system accounts and does not address concurrent sessions by single users via multiple system accounts.

Reference Item Details

Category: ACCESS CONTROL

Family: ACCESS CONTROL

Priority: P3

Baseline Impact: HIGH

Audit Items

View all Reference Audit Items

NamePluginAudit Name
1.2.11 Set 'http Secure-server' limitCiscoCIS Cisco IOS 16 L1 v1.1.0
1.4.2.6 Disable 'Enable fast user switching'UnixCIS Apple OSX 10.6 Snow Leopard L2 v1.0.0
1.4.6.2 Disable users or admins to login to another users active and locked sessionUnixCIS Apple OSX 10.6 Snow Leopard L1 v1.0.0
1.5.5 Ensure number of concurrent sessions is limitedUnixCIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
3.1.11 Set maximum connection limits - MAX_CONNECTIONSUnixCIS IBM DB2 v10 v1.1.0 Linux OS Level 2
3.1.11 Set maximum connection limits - MAX_CONNECTIONSUnixCIS IBM DB2 v10 v1.1.0 Linux OS Level 1
3.1.11 Set maximum connection limits - MAX_COORDAGENTSUnixCIS IBM DB2 v10 v1.1.0 Linux OS Level 1
3.1.11 Set maximum connection limits - MAX_COORDAGENTSUnixCIS IBM DB2 v10 v1.1.0 Linux OS Level 2
3.1.11 Set maximum connection limits - MAXAPPLSUnixCIS IBM DB2 v10 v1.1.0 Linux OS Level 2
3.1.11 Set maximum connection limits - MAXAPPLSUnixCIS IBM DB2 v10 v1.1.0 Linux OS Level 1
3.1.12 Set maximum connection limits - MAX_CONNECTIONSUnixCIS v1.1.0 IBM DB2 v10 Linux OS Level 1
3.1.12 Set maximum connection limits - MAX_CONNECTIONSUnixCIS v1.1.0 IBM DB2 v10 Linux OS Level 2
3.1.12 Set maximum connection limits - MAX_COORDAGENTSUnixCIS v1.1.0 IBM DB2 v10 Linux OS Level 1
3.1.12 Set maximum connection limits - MAX_COORDAGENTSUnixCIS v1.1.0 IBM DB2 v10 Linux OS Level 2
3.1.12 Set maximum connection limits - MAXAPPLSUnixCIS v1.1.0 IBM DB2 v10 Linux OS Level 2
3.1.12 Set maximum connection limits - MAXAPPLSUnixCIS v1.1.0 IBM DB2 v10 Linux OS Level 1
3.1.14 Set maximum connection limits - 'max_connections <= 100'UnixCIS IBM DB2 OS L2 v1.2.0
3.1.14 Set maximum connection limits - 'max_coordagents <= 100'UnixCIS IBM DB2 OS L2 v1.2.0
3.1.14 Set maximum connection limits - 'maxappls <= 99'UnixCIS IBM DB2 OS L2 v1.2.0
3.1.14 Set maximum connection limits - MAX_CONNECTIONSIBM_DB2DBCIS IBM DB2 9 Benchmark v3.0.1 Level 2 DB
3.1.14 Set maximum connection limits - MAX_CONNECTIONSIBM_DB2DBCIS IBM DB2 9 Benchmark v3.0.1 Level 1 DB
3.1.14 Set maximum connection limits - MAX_COORDAGENTSIBM_DB2DBCIS IBM DB2 9 Benchmark v3.0.1 Level 1 DB
3.1.14 Set maximum connection limits - MAX_COORDAGENTSIBM_DB2DBCIS IBM DB2 9 Benchmark v3.0.1 Level 2 DB
4.000 - The system must limit the number of concurrent sessions to 10 for all accounts and/or account types.UnixTenable Fedora Linux Best Practices v2.0.0
4.1.12 Set Maximum Number of Applications (MAXAPPLS)UnixCIS IBM DB2 11 v1.1.0 Linux OS Level 1
4.2.12 Ensure sshd LoginGraceTime is configuredUnixCIS Oracle Linux 8 Server L1 v3.0.0
4.2.12 Ensure sshd LoginGraceTime is configuredUnixCIS Ubuntu Linux 18.04 LTS v2.2.0 L1 Workstation
4.2.12 Ensure sshd LoginGraceTime is configuredUnixCIS Red Hat EL8 Server L1 v3.0.0
4.2.12 Ensure sshd LoginGraceTime is configuredUnixCIS Rocky Linux 8 Server L1 v2.0.0
4.2.12 Ensure sshd LoginGraceTime is configuredUnixCIS Oracle Linux 8 Workstation L1 v3.0.0
4.2.12 Ensure sshd LoginGraceTime is configuredUnixCIS AlmaLinux OS 8 Server L1 v3.0.0
4.2.12 Ensure sshd LoginGraceTime is configuredUnixCIS AlmaLinux OS 8 Workstation L1 v3.0.0
4.2.12 Ensure sshd LoginGraceTime is configuredUnixCIS Ubuntu Linux 18.04 LTS v2.2.0 L1 Server
4.2.12 Ensure sshd LoginGraceTime is configuredUnixCIS Red Hat EL8 Workstation L1 v3.0.0
4.2.12 Ensure sshd LoginGraceTime is configuredUnixCIS Rocky Linux 8 Workstation L1 v2.0.0
4.2.13 Ensure sshd LoginGraceTime is configuredUnixCIS CentOS Linux 7 v4.0.0 L1 Workstation
4.2.13 Ensure sshd LoginGraceTime is configuredUnixCIS Oracle Linux 7 v4.0.0 L1 Workstation
4.2.13 Ensure sshd LoginGraceTime is configuredUnixCIS Red Hat Enterprise Linux 7 v4.0.0 L1 Server
18.9.58.3.2.1 Ensure 'Restrict Remote Desktop Services users to a single Remote Desktop Services session' is set to 'Enabled'WindowsCIS Microsoft Windows Server 2008 Member Server Level 2 v3.1.0
18.9.58.3.2.1 Ensure 'Restrict Remote Desktop Services users to a single Remote Desktop Services session' is set to 'Enabled'WindowsCIS Windows Server 2012 MS L2 v2.1.0
18.9.58.3.2.1 Ensure 'Restrict Remote Desktop Services users to a single Remote Desktop Services session' is set to 'Enabled'WindowsCIS Windows Server 2012 DC L2 v2.1.0
18.9.58.3.2.1 Ensure 'Restrict Remote Desktop Services users to a single Remote Desktop Services session' is set to 'Enabled'WindowsCIS Microsoft Windows Server 2008 Domain Controller Level 2 v3.1.0
18.9.58.3.2.1 Ensure 'Restrict Remote Desktop Services users to a single Remote Desktop Services session' is set to 'Enabled'WindowsCIS Microsoft Windows Server 2008 R2 Domain Controller Level 2 v3.1.0
18.9.58.3.2.1 Ensure 'Restrict Remote Desktop Services users to a single Remote Desktop Services session' is set to 'Enabled'WindowsCIS Microsoft Windows Server 2008 R2 Member Server Level 2 v3.1.0
18.9.59.3.2.1 Ensure 'Restrict Remote Desktop Services users to a single Remote Desktop Services session' is set to 'Enabled'WindowsCIS Microsoft Windows Server 2016 MS L2 v1.2.0
18.9.59.3.2.1 Ensure 'Restrict Remote Desktop Services users to a single Remote Desktop Services session' is set to 'Enabled'WindowsCIS Windows Server 2012 R2 DC L2 v2.4.0
18.9.59.3.2.1 Ensure 'Restrict Remote Desktop Services users to a single Remote Desktop Services session' is set to 'Enabled'WindowsCIS Windows Server 2012 R2 MS L2 v2.4.0
18.9.59.3.2.1 Ensure 'Restrict Remote Desktop Services users to a single Remote Desktop Services session' is set to 'Enabled'WindowsCIS Windows Server 2016 DC L2 v1.2.0
18.9.63.3.2.1 Ensure 'Restrict Remote Desktop Services users to a single Remote Desktop Services session' is set to 'Enabled'WindowsCIS Windows Server 2012 R2 MS L2 v2.5.0
18.9.63.3.2.1 Ensure 'Restrict Remote Desktop Services users to a single Remote Desktop Services session' is set to 'Enabled'WindowsCIS Windows Server 2012 R2 DC L2 v2.5.0