800-53|SC-10

Title

NETWORK DISCONNECT

Description

The information system terminates the network connection associated with a communications session at the end of the session or after [Assignment: organization-defined time period] of inactivity.

Supplemental

This control applies to both internal and external networks. Terminating network connections associated with communications sessions include, for example, de-allocating associated TCP/IP address/port pairs at the operating system level, or de-allocating networking assignments at the application level if multiple application sessions are using a single, operating system-level network connection. Time periods of inactivity may be established by organizations and include, for example, time periods by type of network access or for specific network accesses.

Reference Item Details

Reference: NIST 800-53 - Security and Privacy Controls for Federal Information Systems and Organizations

Category: SYSTEM AND COMMUNICATIONS PROTECTION

Family: SYSTEM AND COMMUNICATIONS PROTECTION

Priority: P2

Baseline Impact: MODERATE,HIGH

Audit Items

View all Reference Audit Items

Name	Plugin	Audit Name
2.1.6 Set 'service tcp-keepalives-in'	Cisco	CIS Cisco IOS 12 L1 v4.0.0
2.1.7 Set 'service tcp-keepalives-out'	Cisco	CIS Cisco IOS 16 L1 v2.0.0
2.1.7 Set 'service tcp-keepalives-out'	Cisco	CIS Cisco IOS 12 L1 v4.0.0
2.1.7 Set 'service tcp-keepalives-out'	Cisco	CIS Cisco IOS 17 L1 v2.0.0
2.2.6 Ensure 'Send connector timeout' is set to '10'	Windows	CIS Microsoft Exchange Server 2019 L1 Mailbox v1.0.0
2.2.7 Ensure 'Receive connector timeout' is set to '5'	Windows	CIS Microsoft Exchange Server 2019 L1 Mailbox v1.0.0
3.074 - The system is not configured to force users to log off when their allowed logon hours expire.	Windows	DISA Windows Vista STIG v6r41
4.006 - Users must be forcibly disconnected when their logon hours expire.	Windows	DISA Windows Vista STIG v6r41
4.23 sqlnet.ora - 'sqlnet.inbound_connect_timeout = 3'	Unix	CIS v1.1.0 Oracle 11g OS L2
4.028 - The amount of idle time required before suspending a session must be properly set.	Windows	DISA Windows Vista STIG v6r41
5.3.19 Ensure SSH Idle Timeout Interval is configured - ClientAliveCountMax	Unix	CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
5.3.19 Ensure SSH Idle Timeout Interval is configured - ClientAliveInterval	Unix	CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
5.5.4 Ensure default user shell timeout is configured	Unix	CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
5.046 - Terminal Services is not configured to set a time limit for disconnected sessions.	Windows	DISA Windows Vista STIG v6r41
5.047 - Terminal Services idle session time limit does not meet the requirement.	Windows	DISA Windows Vista STIG v6r41
AIX7-00-002105 - AIX must config the SSH idle timeout interval.	Unix	DISA STIG AIX 7.x v2r9
AIX7-00-003003 - AIX must set inactivity time-out on login sessions and terminate all login sessions after 10 minutes of inactivity.	Unix	DISA STIG AIX 7.x v2r9
AOSX-13-000720 - The macOS system must be configured with the SSH daemon ClientAliveInterval option set to 900 or less.	Unix	DISA STIG Apple Mac OSX 10.13 v2r5
AOSX-13-000721 - The macOS system must be configured with the SSH daemon ClientAliveCountMax option set to 0.	Unix	DISA STIG Apple Mac OSX 10.13 v2r5
AOSX-13-000722 - The macOS system must be configured with the SSH daemon LoginGraceTime set to 30 or less.	Unix	DISA STIG Apple Mac OSX 10.13 v2r5
AOSX-14-000051 - The macOS system must be configured with the SSH daemon ClientAliveInterval option set to 900 or less.	Unix	DISA STIG Apple Mac OSX 10.14 v2r6
AOSX-14-000052 - The macOS system must be configured with the SSH daemon ClientAliveCountMax option set to 0.	Unix	DISA STIG Apple Mac OSX 10.14 v2r6
AOSX-14-000053 - The macOS system must be configured with the SSH daemon LoginGraceTime set to 30 or less.	Unix	DISA STIG Apple Mac OSX 10.14 v2r6
AOSX-15-000051 - The macOS system must be configured with the SSH daemon ClientAliveInterval option set to 900 or less.	Unix	DISA STIG Apple Mac OSX 10.15 v1r10
AOSX-15-000052 - The macOS system must be configured with the SSH daemon ClientAliveCountMax option set to 0.	Unix	DISA STIG Apple Mac OSX 10.15 v1r10
AOSX-15-000053 - The macOS system must be configured with the SSH daemon LoginGraceTime set to 30 or less.	Unix	DISA STIG Apple Mac OSX 10.15 v1r10
APPL-11-000051 - The macOS system must be configured with the SSH daemon ClientAliveInterval option set to 900 or less.	Unix	DISA STIG Apple macOS 11 v1r5
APPL-11-000051 - The macOS system must be configured with the SSH daemon ClientAliveInterval option set to 900 or less.	Unix	DISA STIG Apple macOS 11 v1r8
APPL-11-000052 - The macOS system must be configured with the SSH daemon ClientAliveCountMax option set to 0.	Unix	DISA STIG Apple macOS 11 v1r5
APPL-11-000052 - The macOS system must be configured with the SSH daemon ClientAliveCountMax option set to 0.	Unix	DISA STIG Apple macOS 11 v1r8
APPL-11-000053 - The macOS system must be configured with the SSH daemon LoginGraceTime set to 30 or less.	Unix	DISA STIG Apple macOS 11 v1r5
APPL-11-000053 - The macOS system must be configured with the SSH daemon LoginGraceTime set to 30 or less.	Unix	DISA STIG Apple macOS 11 v1r8
APPL-12-000051 - The macOS system must be configured with the SSH daemon ClientAliveInterval option set to 900 or less.	Unix	DISA STIG Apple macOS 12 v1r8
APPL-12-000052 - The macOS system must be configured with the SSH daemon ClientAliveCountMax option set to 1.	Unix	DISA STIG Apple macOS 12 v1r8
APPL-12-000053 - The macOS system must be configured with the SSH daemon LoginGraceTime set to 30 or less.	Unix	DISA STIG Apple macOS 12 v1r8
APPL-13-000051 - The macOS system must be configured with the SSH daemon ClientAliveInterval option set to 900 or less.	Unix	DISA STIG Apple macOS 13 v1r3
APPL-13-000052 - The macOS system must be configured with the SSH daemon ClientAliveCountMax option set to 1.	Unix	DISA STIG Apple macOS 13 v1r3
APPL-13-000053 - The macOS system must be configured with the SSH daemon LoginGraceTime set to 30 or less.	Unix	DISA STIG Apple macOS 13 v1r3
Big Sur - Configure SSH ServerAliveInterval option set to 900 or less	Unix	NIST macOS Big Sur v1.4.0 - 800-53r5 Moderate
Big Sur - Configure SSH ServerAliveInterval option set to 900 or less	Unix	NIST macOS Big Sur v1.4.0 - 800-53r4 Moderate
Big Sur - Configure SSH ServerAliveInterval option set to 900 or less	Unix	NIST macOS Big Sur v1.4.0 - 800-53r5 High
Big Sur - Configure SSH ServerAliveInterval option set to 900 or less	Unix	NIST macOS Big Sur v1.4.0 - All Profiles
Big Sur - Configure SSH ServerAliveInterval option set to 900 or less	Unix	NIST macOS Big Sur v1.4.0 - 800-53r4 High
Big Sur - Configure SSH ServerAliveInterval option set to 900 or less	Unix	NIST macOS Big Sur v1.4.0 - 800-171
Big Sur - Configure SSH ServerAliveInterval option set to 900 or less	Unix	NIST macOS Big Sur v1.4.0 - CNSSI 1253
Big Sur - Configure SSHD ClientAliveInterval option set to 900 or less	Unix	NIST macOS Big Sur v1.4.0 - All Profiles
Big Sur - Set Login Grace Time to 30 or Less	Unix	NIST macOS Big Sur v1.4.0 - All Profiles
Big Sur - Set SSH Active Server Alive Maximum to Zero	Unix	NIST macOS Big Sur v1.4.0 - 800-53r5 Moderate
Big Sur - Set SSH Active Server Alive Maximum to Zero	Unix	NIST macOS Big Sur v1.4.0 - 800-53r4 Moderate
Big Sur - Set SSH Active Server Alive Maximum to Zero	Unix	NIST macOS Big Sur v1.4.0 - 800-53r5 High

Detections

Analytics