CCI|CCI-002361

Title

The information system automatically terminates a user session after organization-defined conditions or trigger events requiring session disconnect.

Reference Item Details

Reference: CCI - DISA Control Correlation Identifier

Category: 2013

Audit Items

View all Reference Audit Items

Name	Plugin	Audit Name
4.028 - The amount of idle time required before suspending a session must be properly set.	Windows	DISA Windows Vista STIG v6r41
5.3.19 Ensure SSH Idle Timeout Interval is configured - ClientAliveCountMax	Unix	CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
5.3.19 Ensure SSH Idle Timeout Interval is configured - ClientAliveInterval	Unix	CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
5.5.4 Ensure default user shell timeout is configured	Unix	CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
5.046 - Terminal Services is not configured to set a time limit for disconnected sessions.	Windows	DISA Windows Vista STIG v6r41
5.047 - Terminal Services idle session time limit does not meet the requirement.	Windows	DISA Windows Vista STIG v6r41
AIX7-00-002105 - AIX must config the SSH idle timeout interval.	Unix	DISA STIG AIX 7.x v2r9
AIX7-00-003003 - AIX must set inactivity time-out on login sessions and terminate all login sessions after 10 minutes of inactivity.	Unix	DISA STIG AIX 7.x v2r9
AS24-U1-000460 - The Apache web server must invalidate session identifiers upon hosted application user logout or other session termination.	Unix	DISA STIG Apache Server 2.4 Unix Server v2r6
AS24-U1-000460 - The Apache web server must invalidate session identifiers upon hosted application user logout or other session termination.	Unix	DISA STIG Apache Server 2.4 Unix Server v2r6 Middleware
AS24-U1-000650 - The Apache web server must set an inactive timeout for sessions - reqtimeout_module	Unix	DISA STIG Apache Server 2.4 Unix Server v2r6
AS24-U1-000650 - The Apache web server must set an inactive timeout for sessions - reqtimeout_module	Unix	DISA STIG Apache Server 2.4 Unix Server v2r6 Middleware
AS24-U1-000650 - The Apache web server must set an inactive timeout for sessions.	Unix	DISA STIG Apache Server 2.4 Unix Server v2r6
AS24-U1-000650 - The Apache web server must set an inactive timeout for sessions.	Unix	DISA STIG Apache Server 2.4 Unix Server v2r6 Middleware
AS24-W1-000640 - The Apache web server must set an absolute timeout for sessions.	Windows	DISA STIG Apache Server 2.4 Windows Server v2r3
AS24-W1-000650 - The Apache web server must set an inactive timeout for completing the TLS handshake - mod_reqtimeout	Windows	DISA STIG Apache Server 2.4 Windows Server v2r3
AS24-W1-000650 - The Apache web server must set an inactive timeout for completing the TLS handshake - RequestReadTimeout	Windows	DISA STIG Apache Server 2.4 Windows Server v2r3
AS24-W2-000640 - The Apache web server must set an absolute timeout for sessions.	Windows	DISA STIG Apache Server 2.4 Windows Site v2r1
AS24-W2-000650 - The Apache web server must set an inactive timeout for completing the TLS handshake - mod_reqtimeout	Windows	DISA STIG Apache Server 2.4 Windows Site v2r1
AS24-W2-000650 - The Apache web server must set an inactive timeout for completing the TLS handshake - RequestReadTimeout	Windows	DISA STIG Apache Server 2.4 Windows Site v2r1
Big Sur - Enforce Auto Logout After 24 Hours of Inactivity	Unix	NIST macOS Big Sur v1.4.0 - 800-53r4 High
Big Sur - Enforce Auto Logout After 24 Hours of Inactivity	Unix	NIST macOS Big Sur v1.4.0 - 800-53r5 High
Big Sur - Enforce Auto Logout After 24 Hours of Inactivity	Unix	NIST macOS Big Sur v1.4.0 - CNSSI 1253
Big Sur - Enforce Auto Logout After 24 Hours of Inactivity	Unix	NIST macOS Big Sur v1.4.0 - 800-53r5 Moderate
Big Sur - Enforce Auto Logout After 24 Hours of Inactivity	Unix	NIST macOS Big Sur v1.4.0 - 800-171
Big Sur - Enforce Auto Logout After 24 Hours of Inactivity	Unix	NIST macOS Big Sur v1.4.0 - 800-53r4 Moderate
Big Sur - Enforce Auto Logout After 24 Hours of Inactivity	Unix	NIST macOS Big Sur v1.4.0 - All Profiles
Catalina - Enforce Auto Logout After 24 Hours of Inactivity	Unix	NIST macOS Catalina v1.5.0 - CNSSI 1253
Catalina - Enforce Auto Logout After 24 Hours of Inactivity	Unix	NIST macOS Catalina v1.5.0 - 800-53r5 High
Catalina - Enforce Auto Logout After 24 Hours of Inactivity	Unix	NIST macOS Catalina v1.5.0 - 800-53r4 Moderate
Catalina - Enforce Auto Logout After 24 Hours of Inactivity	Unix	NIST macOS Catalina v1.5.0 - 800-53r5 Moderate
Catalina - Enforce Auto Logout After 24 Hours of Inactivity	Unix	NIST macOS Catalina v1.5.0 - 800-171
Catalina - Enforce Auto Logout After 24 Hours of Inactivity	Unix	NIST macOS Catalina v1.5.0 - All Profiles
Catalina - Enforce Auto Logout After 24 Hours of Inactivity	Unix	NIST macOS Catalina v1.5.0 - 800-53r4 High
DB2X-00-006400 - DB2 must automatically terminate a user session after organization-defined conditions or trigger events requiring session disconnect.	IBM_DB2DB	DISA STIG IBM DB2 v10.5 LUW v2r1 Database
DKER-EE-002490 - The Lifetime Minutes and Renewal Threshold Minutes Login Session Controls must be set to 10 and 0 respectively in Docker Enterprise - lifetime_minutes	Unix	DISA STIG Docker Enterprise 2.x Linux/Unix UCP v2r1
DKER-EE-002490 - The Lifetime Minutes and Renewal Threshold Minutes Login Session Controls must be set to 10 and 0 respectively in Docker Enterprise - renewal_threshold_minutes	Unix	DISA STIG Docker Enterprise 2.x Linux/Unix UCP v2r1
DKER-EE-002970 - The Docker Enterprise per user limit login session control must be set per the requirements in the System Security Plan (SSP).	Unix	DISA STIG Docker Enterprise 2.x Linux/Unix UCP v2r1
EP11-00-006700 - The EDB Postgres Advanced Server must automatically terminate a user session after organization-defined conditions or trigger events requiring session disconnect.	PostgreSQLDB	EDB PostgreSQL Advanced Server v11 DB Audit v2r2
ESXI-06-100041 - The VMM must automatically terminate a user session after inactivity timeouts have expired or at shutdown by setting an idle timeout.	VMware	DISA STIG VMware vSphere 6.x ESXi v1r5
ESXI-06-100042 - The VMM must automatically terminate a user session after inactivity timeouts have expired or at shutdown by setting an idle timeout on shell services.	VMware	DISA STIG VMware vSphere 6.x ESXi v1r5
ESXI-06-100043 - The VMM must automatically terminate a user session after inactivity timeouts have expired or at shutdown.	VMware	DISA STIG VMware vSphere 6.x ESXi v1r5
ESXI-67-000041 - The ESXi host must set a timeout to automatically disable idle shell sessions after two minutes.	VMware	DISA STIG VMware vSphere 6.7 ESXi v1r3
ESXI-67-000042 - The ESXi host must terminate shell services after 10 minutes.	VMware	DISA STIG VMware vSphere 6.7 ESXi v1r3
ESXI-67-000043 - The ESXi host must log out of the console UI after two minutes.	VMware	DISA STIG VMware vSphere 6.7 ESXi v1r3
ESXI-70-000041 - The ESXi host must set a timeout to automatically disable idle shell sessions after two minutes.	VMware	DISA STIG VMware vSphere 7.0 ESXi v1r2
EX13-MB-000275 - The Exchange Receive connector timeout must be limited.	Windows	DISA Microsoft Exchange 2013 Mailbox Server STIG v2r2
EX16-MB-000550 - The Exchange Receive connector timeout must be limited.	Windows	DISA Microsoft Exchange 2016 Mailbox Server STIG v2r6
F5BI-AP-000147 - The BIG-IP APM module access policy profile must be configured to automatically terminate user sessions for users connected to virtual servers when organization-defined conditions or trigger events occur that require a session disconnect.	F5	DISA F5 BIG-IP Access Policy Manager STIG v2r3
F5BI-LT-000147 - The BIG-IP Core implementation must automatically terminate a user session for a user connected to virtual servers when organization-defined conditions or trigger events occur that require a session disconnect.	F5	DISA F5 BIG-IP Local Traffic Manager STIG v2r3

Detections

Analytics

CCI|CCI-002361

Title

Reference Item Details

Audit Items