800-53|SC-10

Title

NETWORK DISCONNECT

Description

The information system terminates the network connection associated with a communications session at the end of the session or after [Assignment: organization-defined time period] of inactivity.

Supplemental

This control applies to both internal and external networks. Terminating network connections associated with communications sessions include, for example, de-allocating associated TCP/IP address/port pairs at the operating system level, or de-allocating networking assignments at the application level if multiple application sessions are using a single, operating system-level network connection. Time periods of inactivity may be established by organizations and include, for example, time periods by type of network access or for specific network accesses.

Reference Item Details

Category: SYSTEM AND COMMUNICATIONS PROTECTION

Family: SYSTEM AND COMMUNICATIONS PROTECTION

Priority: P2

Baseline Impact: MODERATE,HIGH

Audit Items

View all Reference Audit Items

NamePluginAudit Name
2.1.6 Set 'service tcp-keepalives-in'CiscoCIS Cisco IOS 12 L1 v4.0.0
2.1.7 Set 'service tcp-keepalives-out'CiscoCIS Cisco IOS 12 L1 v4.0.0
2.1.7 Set 'service tcp-keepalives-out'CiscoCIS Cisco IOS 16 L1 v1.1.2
3.074 - The system is not configured to force users to log off when their allowed logon hours expire.WindowsDISA Windows Vista STIG v6r41
4.006 - Users must be forcibly disconnected when their logon hours expire.WindowsDISA Windows Vista STIG v6r41
4.23 sqlnet.ora - 'sqlnet.inbound_connect_timeout = 3'UnixCIS v1.1.0 Oracle 11g OS L2
4.028 - The amount of idle time required before suspending a session must be properly set.WindowsDISA Windows Vista STIG v6r41
5.3.19 Ensure SSH Idle Timeout Interval is configured - ClientAliveCountMaxUnixCIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
5.3.19 Ensure SSH Idle Timeout Interval is configured - ClientAliveIntervalUnixCIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
5.5.4 Ensure default user shell timeout is configuredUnixCIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
5.046 - Terminal Services is not configured to set a time limit for disconnected sessions.WindowsDISA Windows Vista STIG v6r41
5.047 - Terminal Services idle session time limit does not meet the requirement.WindowsDISA Windows Vista STIG v6r41
AIX7-00-002105 - AIX must config the SSH idle timeout interval - ClientAliveCountMaxUnixDISA STIG AIX 7.x v2r5
AIX7-00-002105 - AIX must config the SSH idle timeout interval - ClientAliveIntervalUnixDISA STIG AIX 7.x v2r5
AIX7-00-003003 - AIX must set inactivity time-out on login sessions and terminate all login sessions after 10 minutes of inactivity - TIMEOUTUnixDISA STIG AIX 7.x v2r5
AIX7-00-003003 - AIX must set inactivity time-out on login sessions and terminate all login sessions after 10 minutes of inactivity - TMOUTUnixDISA STIG AIX 7.x v2r5
AOSX-13-000720 - The macOS system must be configured with the SSH daemon ClientAliveInterval option set to 900 or less.UnixDISA STIG Apple Mac OSX 10.13 v2r5
AOSX-13-000721 - The macOS system must be configured with the SSH daemon ClientAliveCountMax option set to 0.UnixDISA STIG Apple Mac OSX 10.13 v2r5
AOSX-13-000722 - The macOS system must be configured with the SSH daemon LoginGraceTime set to 30 or less.UnixDISA STIG Apple Mac OSX 10.13 v2r5
AOSX-14-000051 - The macOS system must be configured with the SSH daemon ClientAliveInterval option set to 900 or less.UnixDISA STIG Apple Mac OSX 10.14 v2r6
AOSX-14-000052 - The macOS system must be configured with the SSH daemon ClientAliveCountMax option set to 0.UnixDISA STIG Apple Mac OSX 10.14 v2r6
AOSX-14-000053 - The macOS system must be configured with the SSH daemon LoginGraceTime set to 30 or less.UnixDISA STIG Apple Mac OSX 10.14 v2r6
AOSX-15-000051 - The macOS system must be configured with the SSH daemon ClientAliveInterval option set to 900 or less.UnixDISA STIG Apple Mac OSX 10.15 v1r8
AOSX-15-000052 - The macOS system must be configured with the SSH daemon ClientAliveCountMax option set to 0.UnixDISA STIG Apple Mac OSX 10.15 v1r8
AOSX-15-000053 - The macOS system must be configured with the SSH daemon LoginGraceTime set to 30 or less.UnixDISA STIG Apple Mac OSX 10.15 v1r8
APPL-11-000051 - The macOS system must be configured with the SSH daemon ClientAliveInterval option set to 900 or less.UnixDISA STIG Apple macOS 11 v1r5
APPL-11-000051 - The macOS system must be configured with the SSH daemon ClientAliveInterval option set to 900 or less.UnixDISA STIG Apple macOS 11 v1r6
APPL-11-000052 - The macOS system must be configured with the SSH daemon ClientAliveCountMax option set to 0.UnixDISA STIG Apple macOS 11 v1r5
APPL-11-000052 - The macOS system must be configured with the SSH daemon ClientAliveCountMax option set to 0.UnixDISA STIG Apple macOS 11 v1r6
APPL-11-000053 - The macOS system must be configured with the SSH daemon LoginGraceTime set to 30 or less.UnixDISA STIG Apple macOS 11 v1r5
APPL-11-000053 - The macOS system must be configured with the SSH daemon LoginGraceTime set to 30 or less.UnixDISA STIG Apple macOS 11 v1r6
Big Sur - Configure SSH ServerAliveInterval option set to 900 or lessUnixNIST macOS Big Sur v1.4.0 - 800-53r4 High
Big Sur - Configure SSH ServerAliveInterval option set to 900 or lessUnixNIST macOS Big Sur v1.4.0 - 800-53r5 High
Big Sur - Configure SSH ServerAliveInterval option set to 900 or lessUnixNIST macOS Big Sur v1.4.0 - 800-53r4 Moderate
Big Sur - Configure SSH ServerAliveInterval option set to 900 or lessUnixNIST macOS Big Sur v1.4.0 - All Profiles
Big Sur - Configure SSH ServerAliveInterval option set to 900 or lessUnixNIST macOS Big Sur v1.4.0 - 800-171
Big Sur - Configure SSH ServerAliveInterval option set to 900 or lessUnixNIST macOS Big Sur v1.4.0 - 800-53r5 Moderate
Big Sur - Configure SSH ServerAliveInterval option set to 900 or lessUnixNIST macOS Big Sur v1.4.0 - CNSSI 1253
Big Sur - Configure SSHD ClientAliveInterval option set to 900 or lessUnixNIST macOS Big Sur v1.4.0 - All Profiles
Big Sur - Set Login Grace Time to 30 or LessUnixNIST macOS Big Sur v1.4.0 - All Profiles
Big Sur - Set SSH Active Server Alive Maximum to ZeroUnixNIST macOS Big Sur v1.4.0 - 800-53r4 High
Big Sur - Set SSH Active Server Alive Maximum to ZeroUnixNIST macOS Big Sur v1.4.0 - 800-53r5 High
Big Sur - Set SSH Active Server Alive Maximum to ZeroUnixNIST macOS Big Sur v1.4.0 - 800-53r4 Moderate
Big Sur - Set SSH Active Server Alive Maximum to ZeroUnixNIST macOS Big Sur v1.4.0 - 800-53r5 Moderate
Big Sur - Set SSH Active Server Alive Maximum to ZeroUnixNIST macOS Big Sur v1.4.0 - All Profiles
Big Sur - Set SSH Active Server Alive Maximum to ZeroUnixNIST macOS Big Sur v1.4.0 - 800-171
Big Sur - Set SSH Active Server Alive Maximum to ZeroUnixNIST macOS Big Sur v1.4.0 - CNSSI 1253
Big Sur - Set SSHD Active Client Alive Maximum to ZeroUnixNIST macOS Big Sur v1.4.0 - All Profiles
CISC-ND-000720 - The Cisco router must be configured to terminate all network connections associated with device management after 10 minutes of inactivity - exec-timeoutCiscoDISA STIG Cisco IOS XE Router NDM v2r3
CISC-ND-000720 - The Cisco router must be configured to terminate all network connections associated with device management after 10 minutes of inactivity - exec-timeoutCiscoDISA STIG Cisco IOS Router NDM v2r4