800-53|AC-17(9)

Title

DISCONNECT / DISABLE ACCESS

Description

The organization provides the capability to expeditiously disconnect or disable remote access to the information system within [Assignment: organization-defined time period].

Supplemental

This control enhancement requires organizations to have the capability to rapidly disconnect current users remotely accessing the information system and/or disable further remote access. The speed of disconnect or disablement varies based on the criticality of missions/business functions and the need to eliminate immediate or future remote access to organizational information systems.

Reference Item Details

Reference: NIST 800-53 - Security and Privacy Controls for Federal Information Systems and Organizations

Category: ACCESS CONTROL

Parent Title: REMOTE ACCESS

Family: ACCESS CONTROL

Audit Items

View all Reference Audit Items

Name	Plugin	Audit Name
AS24-U1-000680 - The Apache web server must be configured to immediately disconnect or disable remote access to the hosted applications.	Unix	DISA STIG Apache Server 2.4 Unix Server v2r7 Middleware
AS24-U1-000680 - The Apache web server must be configured to immediately disconnect or disable remote access to the hosted applications.	Unix	DISA STIG Apache Server 2.4 Unix Server v2r7
AS24-W1-000680 - The Apache web server must be configured to immediately disconnect or disable remote access to the hosted applications.	Windows	DISA STIG Apache Server 2.4 Windows Server v2r3
Big Sur - Provide Ability to Disconnect or Disable Remote Access	Unix	NIST macOS Big Sur v1.4.0 - All Profiles
Catalina - Provide Ability to Disconnect or Disable Remote Access	Unix	NIST macOS Catalina v1.5.0 - All Profiles
ESXI-06-200035 - The VMM must provide the capability to immediately disconnect or disable remote access to the information system by disabling SSH.	VMware	DISA STIG VMware vSphere 6.x ESXi v1r5
ESXI-67-000035 - The ESXi host must be configured to disable nonessential capabilities by disabling SSH.	VMware	DISA STIG VMware vSphere 6.7 ESXi v1r3
ESXI-70-000035 - The ESXi host must be configured to disable nonessential capabilities by disabling Secure Shell (SSH).	VMware	DISA STIG VMware vSphere 7.0 ESXi v1r2
IIST-SI-000237 - The IIS 10.0 website must provide the capability to immediately disconnect or disable remote access to the hosted applications.	Windows	DISA IIS 10.0 Site v2r9
IIST-SV-000143 - The IIS 10.0 web server must provide the capability to immediately disconnect or disable remote access to the hosted applications.	Windows	DISA IIS 10.0 Server v2r10
IISW-SI-000237 - The IIS 8.5 website must provide the capability to immediately disconnect or disable remote access to the hosted applications.	Windows	DISA IIS 8.5 Site v2r9
IISW-SV-000143 - The IIS 8.5 web server must provide the capability to immediately disconnect or disable remote access to the hosted applications.	Windows	DISA IIS 8.5 Server v2r7
JBOS-AS-000470 - Network access to HTTP management must be disabled on domain-enabled application servers not designated as the domain controller.	Unix	DISA RedHat JBoss EAP 6.3 STIG v2r4
Monterey - Provide Ability to Disconnect or Disable Remote Access	Unix	NIST macOS Monterey v1.0.0 - All Profiles
OH12-1X-000034 - OHS must provide the capability to immediately disconnect or disable remote access to the hosted applications.	Unix	DISA STIG Oracle HTTP Server 12.1.3 v2r2
OL08-00-040150 - A firewall must be able to protect against or limit the effects of denial-of-service (DoS) attacks by ensuring OL 8 can implement rate-limiting measures on impacted network interfaces.	Unix	DISA Oracle Linux 8 STIG v1r10
PANW-AG-000079 - The Palo Alto Networks security, if used as a TLS gateway/decryption point or VPN concentrator, must provide the capability to immediately disconnect or disable remote access to the information system.	Palo_Alto	DISA STIG Palo Alto ALG v2r4
RHEL-09-251010 - RHEL 9 must have the firewalld package installed.	Unix	DISA Red Hat Enterprise Linux 9 STIG v1r3
SLES-15-010370 - The SUSE operating system must have a firewall system installed to immediately disconnect or disable remote access to the whole operating system.	Unix	DISA SLES 15 STIG v1r13
TCAT-AS-001030 - LockOutRealms failureCount attribute must be set to 5 failed logins for admin users.	Unix	DISA STIG Apache Tomcat Application Server 9 v2r7 Middleware
TCAT-AS-001030 - LockOutRealms failureCount attribute must be set to 5 failed logins for admin users.	Unix	DISA STIG Apache Tomcat Application Server 9 v2r7
TCAT-AS-001040 - LockOutRealms lockOutTime attribute must be set to 600 seconds (10 minutes) for admin users.	Unix	DISA STIG Apache Tomcat Application Server 9 v2r7 Middleware
TCAT-AS-001040 - LockOutRealms lockOutTime attribute must be set to 600 seconds (10 minutes) for admin users.	Unix	DISA STIG Apache Tomcat Application Server 9 v2r7

Detections

Analytics