CCI|CCI-001133

Title

The information system terminates the network connection associated with a communications session at the end of the session or after an organization-defined time period of inactivity.

Reference Item Details

Category: 2009

Audit Items

View all Reference Audit Items

NamePluginAudit Name
3.074 - The system is not configured to force users to log off when their allowed logon hours expire.WindowsDISA Windows Vista STIG v6r41
4.006 - Users must be forcibly disconnected when their logon hours expire.WindowsDISA Windows Vista STIG v6r41
4.028 - The amount of idle time required before suspending a session must be properly set.WindowsDISA Windows Vista STIG v6r41
5.3.19 Ensure SSH Idle Timeout Interval is configured - ClientAliveCountMaxUnixCIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
5.3.19 Ensure SSH Idle Timeout Interval is configured - ClientAliveIntervalUnixCIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
5.5.4 Ensure default user shell timeout is configuredUnixCIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
5.046 - Terminal Services is not configured to set a time limit for disconnected sessions.WindowsDISA Windows Vista STIG v6r41
5.047 - Terminal Services idle session time limit does not meet the requirement.WindowsDISA Windows Vista STIG v6r41
AIX7-00-002105 - AIX must config the SSH idle timeout interval - ClientAliveCountMaxUnixDISA STIG AIX 7.x v2r5
AIX7-00-002105 - AIX must config the SSH idle timeout interval - ClientAliveIntervalUnixDISA STIG AIX 7.x v2r5
AIX7-00-003003 - AIX must set inactivity time-out on login sessions and terminate all login sessions after 10 minutes of inactivity - TIMEOUTUnixDISA STIG AIX 7.x v2r5
AIX7-00-003003 - AIX must set inactivity time-out on login sessions and terminate all login sessions after 10 minutes of inactivity - TMOUTUnixDISA STIG AIX 7.x v2r5
AOSX-13-000720 - The macOS system must be configured with the SSH daemon ClientAliveInterval option set to 900 or less.UnixDISA STIG Apple Mac OSX 10.13 v2r5
AOSX-13-000721 - The macOS system must be configured with the SSH daemon ClientAliveCountMax option set to 0.UnixDISA STIG Apple Mac OSX 10.13 v2r5
AOSX-13-000722 - The macOS system must be configured with the SSH daemon LoginGraceTime set to 30 or less.UnixDISA STIG Apple Mac OSX 10.13 v2r5
AOSX-14-000051 - The macOS system must be configured with the SSH daemon ClientAliveInterval option set to 900 or less.UnixDISA STIG Apple Mac OSX 10.14 v2r6
AOSX-14-000052 - The macOS system must be configured with the SSH daemon ClientAliveCountMax option set to 0.UnixDISA STIG Apple Mac OSX 10.14 v2r6
AOSX-14-000053 - The macOS system must be configured with the SSH daemon LoginGraceTime set to 30 or less.UnixDISA STIG Apple Mac OSX 10.14 v2r6
AOSX-15-000051 - The macOS system must be configured with the SSH daemon ClientAliveInterval option set to 900 or less.UnixDISA STIG Apple Mac OSX 10.15 v1r8
AOSX-15-000052 - The macOS system must be configured with the SSH daemon ClientAliveCountMax option set to 0.UnixDISA STIG Apple Mac OSX 10.15 v1r8
AOSX-15-000053 - The macOS system must be configured with the SSH daemon LoginGraceTime set to 30 or less.UnixDISA STIG Apple Mac OSX 10.15 v1r8
APPL-11-000051 - The macOS system must be configured with the SSH daemon ClientAliveInterval option set to 900 or less.UnixDISA STIG Apple macOS 11 v1r5
APPL-11-000051 - The macOS system must be configured with the SSH daemon ClientAliveInterval option set to 900 or less.UnixDISA STIG Apple macOS 11 v1r6
APPL-11-000052 - The macOS system must be configured with the SSH daemon ClientAliveCountMax option set to 0.UnixDISA STIG Apple macOS 11 v1r5
APPL-11-000052 - The macOS system must be configured with the SSH daemon ClientAliveCountMax option set to 0.UnixDISA STIG Apple macOS 11 v1r6
APPL-11-000053 - The macOS system must be configured with the SSH daemon LoginGraceTime set to 30 or less.UnixDISA STIG Apple macOS 11 v1r5
APPL-11-000053 - The macOS system must be configured with the SSH daemon LoginGraceTime set to 30 or less.UnixDISA STIG Apple macOS 11 v1r6
Big Sur - Configure SSHD ClientAliveInterval option set to 900 or lessUnixNIST macOS Big Sur v1.4.0 - All Profiles
Big Sur - Set Login Grace Time to 30 or LessUnixNIST macOS Big Sur v1.4.0 - All Profiles
Big Sur - Set SSHD Active Client Alive Maximum to ZeroUnixNIST macOS Big Sur v1.4.0 - All Profiles
Catalina - Configure SSHD ClientAliveInterval option set to 900 or lessUnixNIST macOS Catalina v1.5.0 - All Profiles
CISC-ND-000720 - The Cisco router must be configured to terminate all network connections associated with device management after 10 minutes of inactivity - exec-timeoutCiscoDISA STIG Cisco IOS XE Router NDM v2r3
CISC-ND-000720 - The Cisco router must be configured to terminate all network connections associated with device management after 10 minutes of inactivity - exec-timeoutCiscoDISA STIG Cisco IOS Router NDM v2r4
CISC-ND-000720 - The Cisco router must be configured to terminate all network connections associated with device management after 10 minutes of inactivity - ip http secure-serverCiscoDISA STIG Cisco IOS XE Router NDM v2r3
CISC-ND-000720 - The Cisco router must be configured to terminate all network connections associated with device management after 10 minutes of inactivity - ip http secure-serverCiscoDISA STIG Cisco IOS Router NDM v2r4
CISC-ND-000720 - The Cisco router must be configured to terminate all network connections associated with device management after 10 minutes of inactivity - ip http timeout-policyCiscoDISA STIG Cisco IOS Router NDM v2r4
CISC-ND-000720 - The Cisco router must be configured to terminate all network connections associated with device management after 10 minutes of inactivity - ip http timeout-policyCiscoDISA STIG Cisco IOS XE Router NDM v2r3
CISC-ND-000720 - The Cisco router must be configured to terminate all network connections associated with device management after 10 minutes of inactivity - line consoleCiscoDISA STIG Cisco IOS-XR Router NDM v2r2
CISC-ND-000720 - The Cisco router must be configured to terminate all network connections associated with device management after 10 minutes of inactivity - line defaultCiscoDISA STIG Cisco IOS-XR Router NDM v2r2
CISC-ND-000720 - The Cisco switch must be configured to terminate all network connections associated with device management after 10 minutes of inactivity - ip http secure-serverCiscoDISA STIG Cisco IOS Switch NDM v2r3
CISC-ND-000720 - The Cisco switch must be configured to terminate all network connections associated with device management after 10 minutes of inactivity - ip http secure-serverCiscoDISA STIG Cisco IOS XE Switch NDM v2r2
CISC-ND-000720 - The Cisco switch must be configured to terminate all network connections associated with device management after 10 minutes of inactivity - ip http timeoutCiscoDISA STIG Cisco IOS XE Switch NDM v2r2
CISC-ND-000720 - The Cisco switch must be configured to terminate all network connections associated with device management after 10 minutes of inactivity - ip http timeoutCiscoDISA STIG Cisco IOS Switch NDM v2r3
CISC-ND-000720 - The Cisco switch must be configured to terminate all network connections associated with device management after 10 minutes of inactivity - line conCiscoDISA STIG Cisco NX-OS Switch NDM v2r3
CISC-ND-000720 - The Cisco switch must be configured to terminate all network connections associated with device management after 10 minutes of inactivity - line conCiscoDISA STIG Cisco IOS Switch NDM v2r3
CISC-ND-000720 - The Cisco switch must be configured to terminate all network connections associated with device management after 10 minutes of inactivity - line conCiscoDISA STIG Cisco IOS XE Switch NDM v2r2
CISC-ND-000720 - The Cisco switch must be configured to terminate all network connections associated with device management after 10 minutes of inactivity - line vtyCiscoDISA STIG Cisco NX-OS Switch NDM v2r3
CISC-ND-000720 - The Cisco switch must be configured to terminate all network connections associated with device management after 10 minutes of inactivity - line vtyCiscoDISA STIG Cisco IOS Switch NDM v2r3
CISC-ND-000720 - The Cisco switch must be configured to terminate all network connections associated with device management after 10 minutes of inactivity - line vtyCiscoDISA STIG Cisco IOS XE Switch NDM v2r2
CNTR-K8-001300 - Kubernetes Kubelet must not disable timeouts.UnixDISA STIG Kubernetes v1r5