800-53|SC-23(1)

Title

INVALIDATE SESSION IDENTIFIERS AT LOGOUT

Description

The information system invalidates session identifiers upon user logout or other session termination.

Supplemental

This control enhancement curtails the ability of adversaries to capture and continue to employ previously valid session IDs.

Reference Item Details

Category: SYSTEM AND COMMUNICATIONS PROTECTION

Parent Title: SESSION AUTHENTICITY

Family: SYSTEM AND COMMUNICATIONS PROTECTION

Audit Items

Name | Plugin | Audit Name
AS24-U1-000460 - The Apache web server must invalidate session identifiers upon hosted application user logout or other session termination. | Unix | DISA STIG Apache Server 2.4 Unix Server v2r6 Middleware
AS24-U1-000460 - The Apache web server must invalidate session identifiers upon hosted application user logout or other session termination. | Unix | DISA STIG Apache Server 2.4 Unix Server v2r6
AS24-W1-000460 - The Apache web server must invalidate session identifiers upon hosted application user logout or other session termination. | Windows | DISA STIG Apache Server 2.4 Windows Server v2r3
AS24-W2-000460 - The Apache web server must invalidate session identifiers upon hosted application user logout or other session termination. | Windows | DISA STIG Apache Server 2.4 Windows Site v2r1
IISW-SV-000134 - The IIS 8.5 web server must use cookies to track session state. | Windows | DISA IIS 8.5 Server v2r7
MADB-10-004700 - MariaDB must invalidate session identifiers upon user logout or other session termination. | MySQLDB | DISA MariaDB Enterprise 10.x v1r3 DB
O112-C2-017600 - The DBMS must terminate user sessions upon user logout or any other organization or policy-defined session termination events, such as idle time limit exceeded - CONNECT_TIME | OracleDB | DISA STIG Oracle 11.2g v2r3 Database
O112-C2-017600 - The DBMS must terminate user sessions upon user logout or any other organization or policy-defined session termination events, such as idle time limit exceeded - IDLE_TIME | OracleDB | DISA STIG Oracle 11.2g v2r3 Database
O112-C2-017600 - The DBMS must terminate user sessions upon user logout or any other organization or policy-defined session termination events, such as idle time limit exceeded - SESSIONS_PER_USER | OracleDB | DISA STIG Oracle 11.2g v2r3 Database
O121-C2-017600 - The DBMS must terminate user sessions upon user logoff or any other organization or policy-defined session termination events, such as idle time limit exceeded. | OracleDB | DISA STIG Oracle 12c v2r9 Database
PGS9-00-010600 - PostgreSQL must invalidate session identifiers upon user logout or other session termination - statement_timeout | PostgreSQLDB | DISA STIG PostgreSQL 9.x on RHEL DB v2r3
PGS9-00-010600 - PostgreSQL must invalidate session identifiers upon user logout or other session termination - tcp_keepalives_count | PostgreSQLDB | DISA STIG PostgreSQL 9.x on RHEL DB v2r3
PGS9-00-010600 - PostgreSQL must invalidate session identifiers upon user logout or other session termination - tcp_keepalives_idle | PostgreSQLDB | DISA STIG PostgreSQL 9.x on RHEL DB v2r3
PGS9-00-010600 - PostgreSQL must invalidate session identifiers upon user logout or other session termination - tcp_keepalives_interval | PostgreSQLDB | DISA STIG PostgreSQL 9.x on RHEL DB v2r3
SP13-00-000115 - SharePoint must terminate user sessions upon user logoff, and when idle time limit is exceeded. | Windows | DISA STIG SharePoint 2013 v2r3
WBLC-08-000224 - Oracle WebLogic must terminate user sessions upon user logout or any other organization- or policy-defined session termination events such as idle time limit exceeded. | Unix | Oracle WebLogic Server 12c Linux v2r1 Middleware
WBLC-08-000224 - Oracle WebLogic must terminate user sessions upon user logout or any other organization- or policy-defined session termination events such as idle time limit exceeded. | Unix | Oracle WebLogic Server 12c Linux v2r1
WBLC-08-000224 - Oracle WebLogic must terminate user sessions upon user logout or any other organization- or policy-defined session termination events such as idle time limit exceeded. | Windows | Oracle WebLogic Server 12c Windows v2r1