Audits
Settings
Links
Tenable Cloud
Tenable Community & Support
Tenable University
Theme
Light
Dark
Auto
Help
Plugins
Overview
Plugins Pipeline
Newest
Updated
Search
Nessus Families
WAS Families
NNM Families
LCE Families
Tenable OT Security Families
About Plugin Families
Release Notes
Audits
Overview
Newest
Updated
Search Audit Files
Search Items
References
Authorities
Documentation
Download All Audit Files
Policies
Overview
Search
AWS Resources
Azure Resources
GCP Resources
Kubernetes Resources
Indicators
Overview
Search
Indicators of Attack
Indicators of Exposure
CVEs
Overview
Newest
Updated
Search
Attack Path Techniques
Overview
Search
Links
Tenable Cloud
Tenable Community & Support
Tenable University
Settings
Theme
Light
Dark
Auto
Detections
Plugins
Overview
Plugins Pipeline
Release Notes
Newest
Updated
Search
Nessus Families
WAS Families
NNM Families
LCE Families
Tenable OT Security Families
About Plugin Families
Audits
Overview
Newest
Updated
Search Audit Files
Search Items
References
Authorities
Documentation
Download All Audit Files
Policies
Overview
Search
AWS Resources
Azure Resources
GCP Resources
Kubernetes Resources
Indicators
Overview
Search
Indicators of Attack
Indicators of Exposure
Analytics
CVEs
Overview
Newest
Updated
Search
Attack Path Techniques
Overview
Search
Audits
References
CCI
CCI-002361
CCI
CCI|CCI-002361
Title
The information system automatically terminates a user session after organization-defined conditions or trigger events requiring session disconnect.
Reference Item Details
Reference:
CCI - DISA Control Correlation Identifier
Category:
2013
Audit Items
View all Reference Audit Items
Name
Plugin
Audit Name
4.028 - The amount of idle time required before suspending a session must be properly set.
Windows
DISA Windows Vista STIG v6r41
5.3.19 Ensure SSH Idle Timeout Interval is configured - ClientAliveCountMax
Unix
CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
5.3.19 Ensure SSH Idle Timeout Interval is configured - ClientAliveInterval
Unix
CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
5.5.4 Ensure default user shell timeout is configured
Unix
CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
5.046 - Terminal Services is not configured to set a time limit for disconnected sessions.
Windows
DISA Windows Vista STIG v6r41
5.047 - Terminal Services idle session time limit does not meet the requirement.
Windows
DISA Windows Vista STIG v6r41
AIX7-00-002105 - AIX must config the SSH idle timeout interval.
Unix
DISA STIG AIX 7.x v2r9
AIX7-00-003003 - AIX must set inactivity time-out on login sessions and terminate all login sessions after 10 minutes of inactivity.
Unix
DISA STIG AIX 7.x v2r9
AS24-U1-000460 - The Apache web server must invalidate session identifiers upon hosted application user logout or other session termination.
Unix
DISA STIG Apache Server 2.4 Unix Server v2r6
AS24-U1-000460 - The Apache web server must invalidate session identifiers upon hosted application user logout or other session termination.
Unix
DISA STIG Apache Server 2.4 Unix Server v2r6 Middleware
AS24-U1-000650 - The Apache web server must set an inactive timeout for sessions - reqtimeout_module
Unix
DISA STIG Apache Server 2.4 Unix Server v2r6
AS24-U1-000650 - The Apache web server must set an inactive timeout for sessions - reqtimeout_module
Unix
DISA STIG Apache Server 2.4 Unix Server v2r6 Middleware
AS24-U1-000650 - The Apache web server must set an inactive timeout for sessions.
Unix
DISA STIG Apache Server 2.4 Unix Server v2r6
AS24-U1-000650 - The Apache web server must set an inactive timeout for sessions.
Unix
DISA STIG Apache Server 2.4 Unix Server v2r6 Middleware
AS24-W1-000640 - The Apache web server must set an absolute timeout for sessions.
Windows
DISA STIG Apache Server 2.4 Windows Server v2r3
AS24-W1-000650 - The Apache web server must set an inactive timeout for completing the TLS handshake - mod_reqtimeout
Windows
DISA STIG Apache Server 2.4 Windows Server v2r3
AS24-W1-000650 - The Apache web server must set an inactive timeout for completing the TLS handshake - RequestReadTimeout
Windows
DISA STIG Apache Server 2.4 Windows Server v2r3
AS24-W2-000640 - The Apache web server must set an absolute timeout for sessions.
Windows
DISA STIG Apache Server 2.4 Windows Site v2r1
AS24-W2-000650 - The Apache web server must set an inactive timeout for completing the TLS handshake - mod_reqtimeout
Windows
DISA STIG Apache Server 2.4 Windows Site v2r1
AS24-W2-000650 - The Apache web server must set an inactive timeout for completing the TLS handshake - RequestReadTimeout
Windows
DISA STIG Apache Server 2.4 Windows Site v2r1
Big Sur - Enforce Auto Logout After 24 Hours of Inactivity
Unix
NIST macOS Big Sur v1.4.0 - 800-53r4 High
Big Sur - Enforce Auto Logout After 24 Hours of Inactivity
Unix
NIST macOS Big Sur v1.4.0 - 800-53r5 High
Big Sur - Enforce Auto Logout After 24 Hours of Inactivity
Unix
NIST macOS Big Sur v1.4.0 - CNSSI 1253
Big Sur - Enforce Auto Logout After 24 Hours of Inactivity
Unix
NIST macOS Big Sur v1.4.0 - 800-53r5 Moderate
Big Sur - Enforce Auto Logout After 24 Hours of Inactivity
Unix
NIST macOS Big Sur v1.4.0 - 800-171
Big Sur - Enforce Auto Logout After 24 Hours of Inactivity
Unix
NIST macOS Big Sur v1.4.0 - 800-53r4 Moderate
Big Sur - Enforce Auto Logout After 24 Hours of Inactivity
Unix
NIST macOS Big Sur v1.4.0 - All Profiles
Catalina - Enforce Auto Logout After 24 Hours of Inactivity
Unix
NIST macOS Catalina v1.5.0 - CNSSI 1253
Catalina - Enforce Auto Logout After 24 Hours of Inactivity
Unix
NIST macOS Catalina v1.5.0 - 800-53r5 High
Catalina - Enforce Auto Logout After 24 Hours of Inactivity
Unix
NIST macOS Catalina v1.5.0 - 800-53r4 Moderate
Catalina - Enforce Auto Logout After 24 Hours of Inactivity
Unix
NIST macOS Catalina v1.5.0 - 800-53r5 Moderate
Catalina - Enforce Auto Logout After 24 Hours of Inactivity
Unix
NIST macOS Catalina v1.5.0 - 800-171
Catalina - Enforce Auto Logout After 24 Hours of Inactivity
Unix
NIST macOS Catalina v1.5.0 - All Profiles
Catalina - Enforce Auto Logout After 24 Hours of Inactivity
Unix
NIST macOS Catalina v1.5.0 - 800-53r4 High
DB2X-00-006400 - DB2 must automatically terminate a user session after organization-defined conditions or trigger events requiring session disconnect.
IBM_DB2DB
DISA STIG IBM DB2 v10.5 LUW v2r1 Database
DKER-EE-002490 - The Lifetime Minutes and Renewal Threshold Minutes Login Session Controls must be set to 10 and 0 respectively in Docker Enterprise - lifetime_minutes
Unix
DISA STIG Docker Enterprise 2.x Linux/Unix UCP v2r1
DKER-EE-002490 - The Lifetime Minutes and Renewal Threshold Minutes Login Session Controls must be set to 10 and 0 respectively in Docker Enterprise - renewal_threshold_minutes
Unix
DISA STIG Docker Enterprise 2.x Linux/Unix UCP v2r1
DKER-EE-002970 - The Docker Enterprise per user limit login session control must be set per the requirements in the System Security Plan (SSP).
Unix
DISA STIG Docker Enterprise 2.x Linux/Unix UCP v2r1
EP11-00-006700 - The EDB Postgres Advanced Server must automatically terminate a user session after organization-defined conditions or trigger events requiring session disconnect.
PostgreSQLDB
EDB PostgreSQL Advanced Server v11 DB Audit v2r2
ESXI-06-100041 - The VMM must automatically terminate a user session after inactivity timeouts have expired or at shutdown by setting an idle timeout.
VMware
DISA STIG VMware vSphere 6.x ESXi v1r5
ESXI-06-100042 - The VMM must automatically terminate a user session after inactivity timeouts have expired or at shutdown by setting an idle timeout on shell services.
VMware
DISA STIG VMware vSphere 6.x ESXi v1r5
ESXI-06-100043 - The VMM must automatically terminate a user session after inactivity timeouts have expired or at shutdown.
VMware
DISA STIG VMware vSphere 6.x ESXi v1r5
ESXI-67-000041 - The ESXi host must set a timeout to automatically disable idle shell sessions after two minutes.
VMware
DISA STIG VMware vSphere 6.7 ESXi v1r3
ESXI-67-000042 - The ESXi host must terminate shell services after 10 minutes.
VMware
DISA STIG VMware vSphere 6.7 ESXi v1r3
ESXI-67-000043 - The ESXi host must log out of the console UI after two minutes.
VMware
DISA STIG VMware vSphere 6.7 ESXi v1r3
ESXI-70-000041 - The ESXi host must set a timeout to automatically disable idle shell sessions after two minutes.
VMware
DISA STIG VMware vSphere 7.0 ESXi v1r2
EX13-MB-000275 - The Exchange Receive connector timeout must be limited.
Windows
DISA Microsoft Exchange 2013 Mailbox Server STIG v2r2
EX16-MB-000550 - The Exchange Receive connector timeout must be limited.
Windows
DISA Microsoft Exchange 2016 Mailbox Server STIG v2r6
F5BI-AP-000147 - The BIG-IP APM module access policy profile must be configured to automatically terminate user sessions for users connected to virtual servers when organization-defined conditions or trigger events occur that require a session disconnect.
F5
DISA F5 BIG-IP Access Policy Manager STIG v2r3
F5BI-LT-000147 - The BIG-IP Core implementation must automatically terminate a user session for a user connected to virtual servers when organization-defined conditions or trigger events occur that require a session disconnect.
F5
DISA F5 BIG-IP Local Traffic Manager STIG v2r3