CCI|CCI-000054

Title

The information system limits the number of concurrent sessions for each organization-defined account and/or account type to an organization-defined number of sessions.

Description

The organization may define the maximum number of concurrent sessions for an information system account globally, by account type, by account, or a combination. This control addresses concurrent sessions for a given information system account and does not address concurrent sessions by a single user via multiple system accounts.

Reference Item Details

Category: 2009

Audit Items

View all Reference Audit Items

NamePluginAudit Name
1.5.5 Ensure number of concurrent sessions is limitedUnixCIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
AIX7-00-001004 - AIX must limit the number of concurrent sessions to 10 for all accounts and/or account types.UnixDISA STIG AIX 7.x v2r5
AOSX-14-000050 - The macOS system must limit the number of concurrent SSH sessions to 10 for all accounts and/or account types.UnixDISA STIG Apple Mac OSX 10.14 v2r6
AS24-U1-000010 - The Apache web server must limit the number of allowed simultaneous session requests - KeepAliveUnixDISA STIG Apache Server 2.4 Unix Server v2r5
AS24-U1-000010 - The Apache web server must limit the number of allowed simultaneous session requests - KeepAliveUnixDISA STIG Apache Server 2.4 Unix Server v2r5 Middleware
AS24-U1-000010 - The Apache web server must limit the number of allowed simultaneous session requests - MaxKeepAliveRequestsUnixDISA STIG Apache Server 2.4 Unix Server v2r5
AS24-U1-000010 - The Apache web server must limit the number of allowed simultaneous session requests - MaxKeepAliveRequestsUnixDISA STIG Apache Server 2.4 Unix Server v2r5 Middleware
AS24-U1-000020 - The Apache web server must perform server-side session management - httpdUnixDISA STIG Apache Server 2.4 Unix Server v2r5 Middleware
AS24-U1-000020 - The Apache web server must perform server-side session management - httpdUnixDISA STIG Apache Server 2.4 Unix Server v2r5
AS24-U1-000020 - The Apache web server must perform server-side session management - session_moduleUnixDISA STIG Apache Server 2.4 Unix Server v2r5 Middleware
AS24-U1-000020 - The Apache web server must perform server-side session management - session_moduleUnixDISA STIG Apache Server 2.4 Unix Server v2r5
AS24-U1-000020 - The Apache web server must perform server-side session management - usertrack_moduleUnixDISA STIG Apache Server 2.4 Unix Server v2r5
AS24-U1-000020 - The Apache web server must perform server-side session management - usertrack_moduleUnixDISA STIG Apache Server 2.4 Unix Server v2r5 Middleware
AS24-U2-000020 - The Apache web server must perform server-side session management - session_moduleUnixDISA STIG Apache Server 2.4 Unix Site v2r2
AS24-U2-000020 - The Apache web server must perform server-side session management - session_moduleUnixDISA STIG Apache Server 2.4 Unix Site v2r2 Middleware
AS24-U2-000020 - The Apache web server must perform server-side session management - usertrack_moduleUnixDISA STIG Apache Server 2.4 Unix Site v2r2
AS24-U2-000020 - The Apache web server must perform server-side session management - usertrack_moduleUnixDISA STIG Apache Server 2.4 Unix Site v2r2 Middleware
AS24-W1-000010 - The Apache web server must limit the number of allowed simultaneous session requests.WindowsDISA STIG Apache Server 2.4 Windows Server v2r2
AS24-W1-000020 - The Apache web server must perform server-side session management - session_moduleWindowsDISA STIG Apache Server 2.4 Windows Server v2r2
AS24-W1-000020 - The Apache web server must perform server-side session management - usertrack_moduleWindowsDISA STIG Apache Server 2.4 Windows Server v2r2
AS24-W2-000010 - The Apache web server must limit the number of allowed simultaneous session requests.WindowsDISA STIG Apache Server 2.4 Windows Site v2r1
AS24-W2-000020 - The Apache web server must perform server-side session management.WindowsDISA STIG Apache Server 2.4 Windows Site v2r1
Big Sur - Limit Concurrent GUI Sessions to 10 for all AccountsUnixNIST macOS Big Sur v1.4.0 - 800-53r4 High
Big Sur - Limit Concurrent GUI Sessions to 10 for all AccountsUnixNIST macOS Big Sur v1.4.0 - 800-53r5 High
Big Sur - Limit Concurrent GUI Sessions to 10 for all AccountsUnixNIST macOS Big Sur v1.4.0 - All Profiles
BIND-9X-001050 - The BIND 9.x secondary name server must limit the number of zones requested from a single master name server.UnixDISA BIND 9.x STIG v2r2
BIND-9X-001051 - The BIND 9.x secondary name server must limit the total number of zones the name server can request at any one time.UnixDISA BIND 9.x STIG v2r2
BIND-9X-001052 - The BIND 9.x server implementation must limit the number of concurrent session client connections to the number of allowed dynamic update clients.UnixDISA BIND 9.x STIG v2r2
BIND-9X-001070 - A BIND 9.x master name server must limit the number of concurrent zone transfers between authorized secondary name servers.UnixDISA BIND 9.x STIG v2r2
CASA-ND-000010 - The Cisco ASA must be configured to limit the number of concurrent management sessions to an organization-defined number.CiscoDISA STIG Cisco ASA NDM v1r1
Catalina - Limit Concurrent GUI Sessions to 10 for all AccountsUnixNIST macOS Catalina v1.5.0 - 800-53r4 High
Catalina - Limit Concurrent GUI Sessions to 10 for all AccountsUnixNIST macOS Catalina v1.5.0 - All Profiles
Catalina - Limit Concurrent GUI Sessions to 10 for all AccountsUnixNIST macOS Catalina v1.5.0 - 800-53r5 High
CISC-ND-000010 - The Cisco router must be configured to limit the number of concurrent management sessions to an organization-defined number - ip http max-connectionsCiscoDISA STIG Cisco IOS XE Router NDM v2r3
CISC-ND-000010 - The Cisco router must be configured to limit the number of concurrent management sessions to an organization-defined number - ip http max-connectionsCiscoDISA STIG Cisco IOS Router NDM v2r4
CISC-ND-000010 - The Cisco router must be configured to limit the number of concurrent management sessions to an organization-defined number - session-limitCiscoDISA STIG Cisco IOS XE Router NDM v2r3
CISC-ND-000010 - The Cisco router must be configured to limit the number of concurrent management sessions to an organization-defined number - session-limitCiscoDISA STIG Cisco IOS Router NDM v2r4
CISC-ND-000010 - The Cisco router must be configured to limit the number of concurrent management sessions to an organization-defined number.CiscoDISA STIG Cisco IOS-XR Router NDM v2r2
CISC-ND-000010 - The Cisco switch must be configured to limit the number of concurrent management sessions to an organization-defined number - ip http max connectionsCiscoDISA STIG Cisco IOS Switch NDM v2r3
CISC-ND-000010 - The Cisco switch must be configured to limit the number of concurrent management sessions to an organization-defined number - ip http max connectionsCiscoDISA STIG Cisco IOS XE Switch NDM v2r2
CISC-ND-000010 - The Cisco switch must be configured to limit the number of concurrent management sessions to an organization-defined number - session-limitCiscoDISA STIG Cisco IOS XE Switch NDM v2r2
CISC-ND-000010 - The Cisco switch must be configured to limit the number of concurrent management sessions to an organization-defined number.CiscoDISA STIG Cisco NX-OS Switch NDM v2r3
CISC-ND-000010 - The Cisco switch must be configured to limit the number of concurrent management sessions to an organization-defined number.CiscoDISA STIG Cisco IOS Switch NDM v2r3
Configuring CIDR Network Addresses for the BIG-IP packet filter - Always accept ARPF5Tenable F5 BIG-IP Best Practice Audit
Configuring CIDR Network Addresses for the BIG-IP packet filter - Always accept important ICMPF5Tenable F5 BIG-IP Best Practice Audit
Configuring CIDR Network Addresses for the BIG-IP packet filter - Filter established connectionsF5Tenable F5 BIG-IP Best Practice Audit
Configuring CIDR Network Addresses for the BIG-IP packet filter - Packet filter loggingF5Tenable F5 BIG-IP Best Practice Audit
Configuring CIDR Network Addresses for the BIG-IP packet filter - Review Packet-Filter RulesF5Tenable F5 BIG-IP Best Practice Audit
Configuring CIDR Network Addresses for the BIG-IP packet filter - Send ICMP error on packet rejectF5Tenable F5 BIG-IP Best Practice Audit
Configuring CIDR Network Addresses for the BIG-IP packet filter - Unhandled Packet ActionF5Tenable F5 BIG-IP Best Practice Audit