STIGhub

A free tool to search and browse the entire DISA STIG library. Saves up to 75% in security compliance research time.

© 2026 Beacon Cloud Solutions, Inc. All rights reserved.
CCI-000054

Definition

Limit the number of concurrent sessions for each organization-defined account and/or account type to an organization-defined number.

Parent Control

AC-10: Concurrent Session Control (Access Control)

Linked STIG Checks (200)

ID | Severity | Requirement | STIG
V-255587 | CAT II | The A10 Networks ADC must limit the number of concurrent sessions to one (1) for each administrator account and/or administrator account type. | A10 Networks ADC NDM Security Technical Implementation Guide
V-279030 | CAT III | ColdFusion must limit concurrent sessions to the Administrator Console. | Adobe ColdFusion Security Technical Implementation Guide
V-274141 | CAT III | Amazon Linux 2023 must limit the number of concurrent sessions to ten for all accounts and/or account types. | Amazon Linux 2023 Security Technical Implementation Guide
V-268085 | CAT III | NixOS must be configured to limit the number of concurrent sessions to 10 for all accounts and/or account types. | Anduril NixOS Security Technical Implementation Guide
V-214228 | CAT II | The Apache web server must limit the number of allowed simultaneous session requests. | Apache Server 2.4 UNIX Server Security Technical Implementation Guide
V-214229 | CAT II | The Apache web server must perform server-side session management. | Apache Server 2.4 UNIX Server Security Technical Implementation Guide
V-214277 | CAT II | The Apache web server must perform server-side session management. | Apache Server 2.4 UNIX Site Security Technical Implementation Guide
V-214306 | CAT II | The Apache web server must limit the number of allowed simultaneous session requests. | Apache Server 2.4 Windows Server Security Technical Implementation Guide
V-214307 | CAT II | The Apache web server must perform server-side session management. | Apache Server 2.4 Windows Server Security Technical Implementation Guide
V-222926 | CAT III | The number of allowed simultaneous sessions to the manager application must be limited. | Apache Tomcat Application Server 9 Security Technical Implementation Guide
V-204922 | CAT II | The ALG providing user access control intermediary services must limit the number of concurrent sessions to an organization-defined number for all accounts and/or account types. | Application Layer Gateway Security Requirements Guide
V-222387 | CAT II | The application must provide a capability to limit the number of logon sessions per user. | Application Security and Development Security Technical Implementation Guide
V-204708 | CAT II | The application server must limit the number of concurrent sessions to an organization-defined number for all accounts and/or account types. | Application Server Security Requirements Guide
V-272627 | CAT III | CylanceON-PREM must be configured to use a third-party identity provider. | Arctic Wolf CylanceON-PREM Security Technical Implementation Guide
V-255947 | CAT II | The Arista network device must limit the number of concurrent sessions to an organization-defined number for each administrator account and/or administrator account type. | Arista MLS EOS 4.2x NDM Security Technical Implementation Guide
V-255947 | CAT II | The Arista network device must limit the number of concurrent sessions to an organization-defined number for each administrator account and/or administrator account type. | Arista MLS EOS 4.X NDM Security Technical Implementation Guide
V-256839 | CAT II | Compliance Guardian must limit the number of concurrent sessions to an organization-defined number for all accounts and/or account types. | AvePoint Compliance Guardian Security Technical Implementation Guide
V-253510 | CAT II | DocAve must limit the number of concurrent sessions to an organization-defined number for all accounts and/or account types. | AvePoint DocAve 6 Security Technical Implementation Guide
V-276001 | CAT II | Ax-OS must limit the number of concurrent sessions to 10 for all accounts and/or account types. | Axonius Federal Systems Ax-OS Security Technical Implementation Guide
V-272364 | CAT II | A BIND 9.x primary name server must limit the number of concurrent zone transfers between authorized secondary name servers. | BIND 9.x Security Technical Implementation Guide
V-272365 | CAT II | The BIND 9.x secondary name server must limit the number of zones requested from a single primary name server. | BIND 9.x Security Technical Implementation Guide
V-272366 | CAT II | The BIND 9.x secondary name server must limit the total number of zones the name server can request at any one time. | BIND 9.x Security Technical Implementation Guide
V-272367 | CAT II | The BIND 9.x server implementation must limit the number of concurrent session client connections. | BIND 9.x Security Technical Implementation Guide
V-275939 | CAT II | The BIND 9.x server implementation must limit the number of allowed dynamic update clients. | BIND 9.x Security Technical Implementation Guide
V-237348 | CAT II | The CA API Gateway providing user access control intermediary services must limit users to two concurrent sessions. | CA API Gateway ALG Security Technical Implementation Guide
V-251582 | CAT II | For interactive sessions, IDMS must limit the number of concurrent sessions for the same user to one or allow unlimited sessions. | CA IDMS Security Technical Implementation Guide
V-251652 | CAT II | The DBMS must develop a procedure to limit the number of concurrent sessions to an organization-defined number per user for all accounts and/or account types. | CA IDMS Security Technical Implementation Guide
V-219301 | CAT III | The Ubuntu operating system must limit the number of concurrent sessions to ten for all accounts and/or account types. | Canonical Ubuntu 18.04 LTS Security Technical Implementation Guide
V-238323 | CAT III | The Ubuntu operating system must limit the number of concurrent sessions to ten for all accounts and/or account types. | Canonical Ubuntu 20.04 LTS Security Technical Implementation Guide
V-260552 | CAT III | Ubuntu 22.04 LTS must limit the number of concurrent sessions to ten for all accounts and/or account types. | Canonical Ubuntu 22.04 LTS Security Technical Implementation Guide
V-270677 | CAT III | Ubuntu 24.04 LTS must limit the number of concurrent sessions to 10 for all accounts and/or account types. | Canonical Ubuntu 24.04 LTS Security Technical Implementation Guide
V-271924 | CAT I | The Cisco APIC must be configured to use at least two authentication servers for the purpose of authenticating users prior to granting administrative access. | Cisco ACI NDM Security Technical Implementation Guide
V-271975 | CAT II | The Cisco ACI must limit the number of concurrent sessions to one for each administrator account. | Cisco ACI NDM Security Technical Implementation Guide
V-239896 | CAT II | The Cisco ASA must be configured to limit the number of concurrent management sessions to an organization-defined number. | Cisco ASA NDM Security Technical Implementation Guide
V-215662 | CAT II | The Cisco router must be configured to limit the number of concurrent management sessions to an organization-defined number. | Cisco IOS Router NDM Security Technical Implementation Guide
V-220570 | CAT II | The Cisco switch must be configured to limit the number of concurrent management sessions to an organization-defined number. | Cisco IOS Switch NDM Security Technical Implementation Guide
V-215807 | CAT II | The Cisco router must be configured to limit the number of concurrent management sessions to an organization-defined number. | Cisco IOS XE Router NDM Security Technical Implementation Guide
V-220518 | CAT II | The Cisco switch must be configured to limit the number of concurrent management sessions to an organization-defined number. | Cisco IOS XE Switch NDM Security Technical Implementation Guide
V-216522 | CAT II | The Cisco router must be configured to limit the number of concurrent management sessions to an organization-defined number. | Cisco IOS XR Router NDM Security Technical Implementation Guide
V-242607 | CAT III | The Cisco ISE must limit the number of CLI and GUI sessions to an organization-defined number. | Cisco ISE NDM Security Technical Implementation Guide
V-220474 | CAT II | The Cisco switch must be configured to limit the number of concurrent management sessions to an organization-defined number. | Cisco NX OS Switch NDM Security Technical Implementation Guide
V-234255 | CAT II | The application must limit the number of concurrent sessions to three. | Citrix Virtual Apps and Desktop 7.x Linux Virtual Delivery Agent Security Technical Implementation Guide
V-213195 | CAT II | Delivery Controller must limit the number of concurrent sessions to an organization-defined number for all accounts and/or account types. | Citrix XenDesktop 7.x Delivery Controller Security Technical Implementation Guide
V-269102 | CAT III | AlmaLinux OS 9 must limit the number of concurrent sessions to ten for all accounts and/or account types. | Cloud Linux AlmaLinux OS 9 Security Technical Implementation Guide
V-233522 | CAT II | PostgreSQL must limit the number of concurrent sessions to an organization-defined number per user for all accounts and/or account types. | Crunchy Data PostgreSQL Security Technical Implementation Guide
V-261857 | CAT II | PostgreSQL must limit the number of concurrent sessions to an organization-defined number per user for all accounts and/or account types. | Crunchy Data Postgres 16 Security Technical Implementation Guide
V-206519 | CAT II | The DBMS must limit the number of concurrent sessions to an organization-defined number per user for all accounts and/or account types. | Database Security Requirements Guide
V-269768 | CAT II | The Dell OS10 Switch must limit the number of concurrent sessions to an organization-defined number for each administrator account and/or administrator account type. | Dell OS10 Switch NDM Security Technical Implementation Guide
V-235775 | CAT III | The Docker Enterprise Per User Limit Login Session Control in the Universal Control Plane (UCP) Admin Settings must be set to an organization-defined value for all accounts and/or account types. | Docker Enterprise 2.x Linux/UNIX Security Technical Implementation Guide
V-205157 | CAT II | The DNS implementation must limit the number of concurrent sessions for zone transfers to the number of secondary name servers. | Domain Name System (DNS) Security Requirements Guide
V-205158 | CAT II | The DNS implementation must limit the number of concurrent sessions client connections to the number of allowed dynamic update clients. | Domain Name System (DNS) Security Requirements Guide
V-224130 | CAT II | The EDB Postgres Advanced Server must limit the number of concurrent sessions to an organization-defined number per user for all accounts and/or account types. | EDB Postgres Advanced Server v11 on Windows Security Technical Implementation Guide
V-213561 | CAT II | The EDB Postgres Advanced Server must limit the number of concurrent sessions to an organization-defined number per user for all accounts and/or account types. | EDB Postgres Advanced Server v9.6 Security Technical Implementation Guide
V-259954 | CAT II | The Enterprise Voice, Video, and Messaging Endpoint must be configured to limit the number of concurrent sessions to an organizationally defined number. | Enterprise Voice, Video, and Messaging Endpoint Security Requirements Guide
V-259994 | CAT II | The Enterprise Voice, Video, and Messaging Session Manager must limit the number of concurrent management sessions to an organizationally defined limit. | Enterprise Voice, Video, and Messaging Session Management Security Requirements Guide
V-259210 | CAT II | The EDB Postgres Advanced Server must limit the number of concurrent sessions to an organization-defined number per user for all accounts and/or account types. | EnterpriseDB Postgres Advanced Server (EPAS) Security Technical Implementation Guide
V-260056 | CAT III | The F5 BIG-IP appliance must be configured to set the "Max In Progress Sessions per Client IP" value to 10 or less. | F5 BIG-IP Access Policy Manager Security Technical Implementation Guide
V-217381 | CAT II | The BIG-IP appliance must limit the number of concurrent sessions to the Configuration Utility to 10 or an organization-defined number. | F5 BIG-IP Device Management Security Technical Implementation Guide
V-215744 | CAT I | The BIG-IP Core implementation must be configured to limit the number of concurrent sessions to an organization-defined number for virtual servers. | F5 BIG-IP Local Traffic Manager Security Technical Implementation Guide
V-266137 | CAT II | The F5 BIG-IP appliance providing user access control intermediary services must limit the number of concurrent sessions to one or an organization-defined number for each access profile. | F5 BIG-IP TMOS ALG Security Technical Implementation Guide
V-266175 | CAT III | The F5 BIG-IP appliance must be configured to set the "Max In Progress Sessions per Client IP" value to 10 or an organizational-defined number. | F5 BIG-IP TMOS ALG Security Technical Implementation Guide
V-266064 | CAT II | The F5 BIG-IP appliance must be configured to limit the number of concurrent sessions to the Configuration Utility to 10 or an organization-defined number. | F5 BIG-IP TMOS NDM Security Technical Implementation Guide
V-278380 | CAT II | NGINX must limit the number of concurrent sessions to an organization-defined number for all accounts and/or account types. | F5 NGINX Security Technical Implementation Guide
V-255657 | CAT III | CounterACT must limit the number of concurrent sessions to an organization-defined number for each administrator account type. | ForeScout CounterACT NDM Security Technical Implementation Guide
V-230930 | CAT III | Forescout must limit the number of concurrent sessions to one for each administrator account. | Forescout Network Device Management Security Technical Implementation Guide
V-234219 | CAT II | The FortiGate device must limit the number of logon and user sessions. | Fortinet FortiGate Firewall NDM Security Technical Implementation Guide
V-203597 | CAT III | The operating system must limit the number of concurrent sessions to ten for all accounts and/or account types. | General Purpose Operating System Security Requirements Guide
V-217426 | CAT III | The HP FlexFabric Switch must limit the number of concurrent sessions to an organization-defined number for each administrator account and/or administrator account type. | HP FlexFabric Switch NDM Security Technical Implementation Guide
V-255252 | CAT II | SSMC web server must limit the number of allowed simultaneous session requests. | HPE 3PAR SSMC Web Server Security Technical Implementation Guide
V-266903 | CAT II | AOS must limit the number of concurrent sessions to a maximum of three for each administrator account and/or administrator account type. | HPE Aruba Networking AOS NDM Security Technical Implementation Guide
V-266993 | CAT II | AOS, when used as a VPN Gateway, must limit the number of concurrent sessions for user accounts to one or to an organization-defined number. | HPE Aruba Networking AOS VPN Security Technical Implementation Guide
V-252201 | CAT II | The HPE Nimble must limit the number of concurrent sessions to an organization-defined number for each administrator account. | HPE Nimble Storage Array NDM Security Technical Implementation Guide
V-268219 | CAT II | The HYCU virtual appliance must limit the number of concurrent sessions to an organization-defined number for each administrator account and/or administrator account type. | HYCU Protege Security Technical Implementation Guide
V-215172 | CAT II | AIX must limit the number of concurrent sessions to 10 for all accounts and/or account types. | IBM AIX 7.x Security Technical Implementation Guide
V-252566 | CAT II | IBM Aspera Console must prevent concurrent logins for all accounts. | IBM Aspera Platform 4.2 Security Technical Implementation Guide
V-252582 | CAT II | IBM Aspera Faspex must prevent concurrent logins for all accounts. | IBM Aspera Platform 4.2 Security Technical Implementation Guide
V-252620 | CAT II | The IBM Aspera High-Speed Transfer Endpoint must limit the number of concurrent sessions to an organization-defined number for all accounts and/or account types. | IBM Aspera Platform 4.2 Security Technical Implementation Guide
V-252636 | CAT II | The IBM Aspera High-Speed Transfer Server must limit the number of concurrent sessions to an organization-defined number for all accounts and/or account types. | IBM Aspera Platform 4.2 Security Technical Implementation Guide
V-213670 | CAT II | DB2 must limit the number of concurrent sessions to an organization-defined number per user for all accounts and/or account types. | IBM DB2 V10.5 LUW Security Technical Implementation Guide
V-255787 | CAT II | The MQ Appliance messaging server must protect against or limit the effects of all types of Denial of Service (DoS) attacks by employing operationally-defined security safeguards. | IBM MQ Appliance V9.0 AS Security Technical Implementation Guide
V-255726 | CAT II | Access to the MQ Appliance network device must limit the number of concurrent sessions to an organization-defined number for each administrator account and/or administrator account type. | IBM MQ Appliance v9.0 NDM Security Technical Implementation Guide
V-250322 | CAT II | Maximum in-memory session count must be set according to application requirements. | IBM WebSphere Liberty Server Security Technical Implementation Guide
V-255818 | CAT II | The WebSphere Application Server maximum in-memory session count must be set according to application requirements. | IBM WebSphere Traditional V9.x Security Technical Implementation Guide
V-224760 | CAT II | The ISEC7 SPHERE must limit the number of concurrent sessions to an organization-defined number for all accounts and/or account types. | ISEC7 Sphere Security Technical Implementation Guide
V-214159 | CAT III | Infoblox systems which perform zone transfers to non-Infoblox Grid DNS servers must be configured to limit the number of concurrent sessions for zone transfers. | Infoblox 7.x DNS Security Technical Implementation Guide
V-214161 | CAT II | The Infoblox system must limit the number of concurrent client connections to the number of allowed dynamic update clients. | Infoblox 7.x DNS Security Technical Implementation Guide
V-233855 | CAT II | Infoblox systems that perform zone transfers to non-Grid DNS service members must limit the number of concurrent sessions for zone transfers. | Infoblox 8.x DNS Security Technical Implementation Guide
V-233856 | CAT II | The Infoblox system must limit the number of concurrent client connections to the number of allowed dynamic update clients. | Infoblox 8.x DNS Security Technical Implementation Guide
V-258622 | CAT II | The ICS must be configured to limit the number of concurrent sessions to an organization-defined number for each administrator account and/or administrator account type. | Ivanti Connect Secure NDM Security Technical Implementation Guide
V-258585 | CAT II | The ICS must be configured to limit the number of concurrent sessions for user accounts to one. | Ivanti Connect Secure VPN Security Technical Implementation Guide
V-251400 | CAT II | The Ivanti EPMM server must limit the number of concurrent sessions per privileged user account to three or less concurrent sessions. | Ivanti EPMM Server Security Technical Implementation Guide
V-251400 | CAT II | The Ivanti MobileIron Core server must limit the number of concurrent sessions per privileged user account to three or less concurrent sessions. | Ivanti MobileIron Core MDM Server Security Technical Implementation Guide
V-250982 | CAT II | MobileIron Sentry must limit the number of concurrent sessions for the CLISH interface to an organization-defined number for each administrator account and/or administrator account type. | Ivanti MobileIron Sentry 9.x NDM Security Technical Implementation Guide
V-250983 | CAT II | MobileIron Sentry must be configured to limit the network access of the Sentry System Manager Portal behind the corporate firewall and whitelist source IP range. | Ivanti MobileIron Sentry 9.x NDM Security Technical Implementation Guide
V-250982 | CAT II | Sentry must limit the number of concurrent sessions for the CLISH interface to an organization-defined number for each administrator account and/or administrator account type. | Ivanti Sentry 9.x NDM Security Technical Implementation Guide
V-250983 | CAT II | Sentry must be configured to limit the network access of the Sentry System Manager Portal behind the corporate firewall and whitelist source IP range. | Ivanti Sentry 9.x NDM Security Technical Implementation Guide
V-253878 | CAT II | The Juniper EX switch must be configured to limit the number of concurrent management sessions to 10 or an organization-defined value. | Juniper EX Series Switches Network Device Management Security Technical Implementation Guide
V-217305 | CAT II | The Juniper router must be configured to limit the number of concurrent management sessions to an organization-defined number. | Juniper Router NDM Security Technical Implementation Guide
V-66549 | CAT III | The Juniper SRX Services Gateway must limit the number of concurrent sessions to a maximum of 10 or less for remote access using SSH. | Juniper SRX SG NDM Security Technical Implementation Guide
V-66629 | CAT II | The Juniper SRX Services Gateway VPN must limit the number of concurrent sessions for user accounts to one (1) and administrative accounts to three (3), or set to an organization-defined number. | Juniper SRX SG VPN Security Technical Implementation Guide
V-223180 | CAT III | The Juniper SRX Services Gateway must limit the number of concurrent sessions to a maximum of 10 or less for remote access using SSH. | Juniper SRX Services Gateway NDM Security Technical Implementation Guide
V-214668 | CAT II | The Juniper SRX Services Gateway VPN must limit the number of concurrent sessions for user accounts to one (1) and administrative accounts to three (3), or set to an organization-defined number. | Juniper SRX Services Gateway VPN Security Technical Implementation Guide
V-213807 | CAT II | The number of concurrent SQL Server sessions for each system account must be limited. | MS SQL Server 2014 Instance Security Technical Implementation Guide
V-213929 | CAT II | SQL Server must limit the number of concurrent sessions to an organization-defined number per user for all accounts and/or account types. | MS SQL Server 2016 Instance Security Technical Implementation Guide
V-205439 | CAT II | The Mainframe Product must limit the number of concurrent sessions to three for all accounts and/or account types. | Mainframe Product Security Requirements Guide
V-253666 | CAT III | MariaDB must limit the number of concurrent sessions to an organization-defined number per user for all accounts and/or account types. | MariaDB Enterprise 10.x Security Technical Implementation Guide
V-220339 | CAT III | MarkLogic Server must limit the number of concurrent sessions to an organization-defined number per user for all accounts and/or account types. | MarkLogic Server v9 Security Technical Implementation Guide
V-221202 | CAT II | Exchange must limit the Receive connector timeout. | Microsoft Exchange 2016 Edge Transport Server Security Technical Implementation Guide
V-218826 | CAT II | The IIS 10.0 websites MaxConnections setting must be configured to limit the number of allowed simultaneous session requests. | Microsoft IIS 10.0 Server Security Technical Implementation Guide
V-218736 | CAT II | The IIS 10.0 website session state cookie settings must be configured to Use Cookies mode. | Microsoft IIS 10.0 Site Security Technical Implementation Guide
V-271263 | CAT II | SQL Server must limit the number of concurrent sessions to an organization-defined number per user for all accounts and/or account types. | Microsoft SQL Server 2022 Instance Security Technical Implementation Guide
V-215647 | CAT II | The Windows 2012 DNS Server must restrict incoming dynamic update requests to known clients. | Microsoft Windows 2012 Server Domain Name System Security Technical Implementation Guide
V-259334 | CAT II | The Windows DNS Server must restrict incoming dynamic update requests to known clients. | Microsoft Windows Server Domain Name System (DNS) Security Technical Implementation Guide
V-259365 | CAT II | The Windows DNS primary server must only send zone transfers to a specific list of secondary name servers. | Microsoft Windows Server Domain Name System (DNS) Security Technical Implementation Guide
V-252148 | CAT II | MongoDB must limit the total number of concurrent connections to the database. | MongoDB Enterprise Advanced 4.x Security Technical Implementation Guide
V-265973 | CAT II | MongoDB must limit the total number of concurrent connections to the database. | MongoDB Enterprise Advanced 7.x Security Technical Implementation Guide
V-279331 | CAT III | MongoDB must limit the total number of concurrent connections to the database. | MongoDB Enterprise Advanced 8.x Security Technical Implementation Guide
V-246922 | CAT II | ONTAP must be configured to limit the number of concurrent sessions. | NetApp ONTAP DSC 9.x Security Technical Implementation Guide
V-202140 | CAT II | The network device must limit the number of concurrent sessions to an organization-defined number for each administrator account and/or administrator account type. | Network Device Management Security Requirements Guide
V-254120 | CAT II | Nutanix AOS must limit the number of concurrent sessions to ten for all accounts and/or account types. | Nutanix AOS 5.20.x OS Security Technical Implementation Guide
V-279415 | CAT II | Nutanix AOS must limit the number of concurrent sessions to 10 for all accounts and/or account types. | Nutanix Acropolis Application Server Security Technical Implementation Guide
V-279528 | CAT III | Nutanix OS must limit the number of concurrent sessions to 10 for all accounts and/or account types. | Nutanix Acropolis GPOS Security Technical Implementation Guide
V-219748 | CAT II | The DBMS must limit the number of concurrent sessions for each system account to an organization-defined number of sessions. | Oracle Database 11.2g Security Technical Implementation Guide
V-238477 | CAT II | The DBMS must protect against or limit the effects of the organization-defined types of Denial of Service (DoS) attacks. | Oracle Database 11.2g Security Technical Implementation Guide
V-220264 | CAT II | The DBMS must limit the number of concurrent sessions for each system account to an organization-defined number of sessions. | Oracle Database 12c Security Technical Implementation Guide
V-270495 | CAT II | Oracle Database must limit the number of concurrent sessions for each system account to an organization-defined number of sessions. | Oracle Database 19c Security Technical Implementation Guide
V-270496 | CAT II | Oracle Database must protect against or limit the effects of organization-defined types of denial-of-service (DoS) attacks. | Oracle Database 19c Security Technical Implementation Guide
V-221272 | CAT II | OHS must have the mpm property set to use the worker Multi-Processing Module (MPM) as the preferred means to limit the number of allowed simultaneous requests. | Oracle HTTP Server 12.1.3 Security Technical Implementation Guide
V-221273 | CAT II | OHS must have the mpm_prefork_module directive disabled so as not conflict with the worker directive used to limit the number of allowed simultaneous requests. | Oracle HTTP Server 12.1.3 Security Technical Implementation Guide
V-221274 | CAT II | OHS must have the MaxClients directive defined to limit the number of allowed simultaneous requests. | Oracle HTTP Server 12.1.3 Security Technical Implementation Guide
V-221275 | CAT II | OHS must limit the number of threads within a worker process to limit the number of allowed simultaneous requests. | Oracle HTTP Server 12.1.3 Security Technical Implementation Guide
V-221276 | CAT II | OHS must limit the number of worker processes to limit the number of allowed simultaneous requests. | Oracle HTTP Server 12.1.3 Security Technical Implementation Guide
V-252204 | CAT II | OHS must capture, record, and log all content related to a user session. | Oracle HTTP Server 12.1.3 Security Technical Implementation Guide
V-252205 | CAT I | OHS must have the LoadModule ossl_module directive enabled to implement required cryptographic protections using cryptographic modules complying with applicable federal laws, Executive Orders, directives, policies, regulations, standards, and guidance when encrypting data that must be compartmentalized. | Oracle HTTP Server 12.1.3 Security Technical Implementation Guide
V-221838 | CAT III | The Oracle Linux operating system must limit the number of concurrent sessions to 10 for all accounts and/or account types. | Oracle Linux 7 Security Technical Implementation Guide
V-248666 | CAT III | OL 8 must limit the number of concurrent sessions to 10 for all accounts and/or account types. | Oracle Linux 8 Security Technical Implementation Guide
V-271753 | CAT III | OL 9 must limit the number of concurrent sessions to ten for all accounts and/or account types. | Oracle Linux 9 Security Technical Implementation Guide
V-235096 | CAT II | MySQL Database Server 8.0 must limit the number of concurrent sessions to an organization-defined number per user for all accounts and/or account types. | Oracle MySQL 8.0 Security Technical Implementation Guide
V-214059 | CAT II | PostgreSQL must limit the number of concurrent sessions to an organization-defined number per user for all accounts and/or account types. | PostgreSQL 9.x Security Technical Implementation Guide
V-256896 | CAT II | Automation Controller must limit the number of concurrent sessions to an organization-defined number for all accounts and/or account types. | Red Hat Ansible Automation Controller Application Server Security Technical Implementation Guide
V-281203 | CAT III | RHEL 10 must limit the number of concurrent sessions to 10 for all accounts and/or account types. | Red Hat Enterprise Linux 10 Security Technical Implementation Guide
V-204576 | CAT III | The Red Hat Enterprise Linux operating system must limit the number of concurrent sessions to 10 for all accounts and/or account types. | Red Hat Enterprise Linux 7 Security Technical Implementation Guide
V-230346 | CAT III | RHEL 8 must limit the number of concurrent sessions to ten for all accounts and/or account types. | Red Hat Enterprise Linux 8 Security Technical Implementation Guide
V-258069 | CAT III | RHEL 9 must limit the number of concurrent sessions to ten for all accounts and/or account types. | Red Hat Enterprise Linux 9 Security Technical Implementation Guide
V-251183 | CAT III | Redis Enterprise DBMS must limit the number of concurrent sessions to an organization-defined number per user for all accounts and/or account types. | Redis Enterprise 6.x Security Technical Implementation Guide
V-256071 | CAT III | The Riverbed NetProfiler must be configured to limit the number of concurrent sessions to one for the locally defined administrator account. | Riverbed NetProfiler Security Technical Implementation Guide
V-261367 | CAT III | SLEM 5 must limit the number of concurrent sessions to 10 for all accounts and/or account types. | SUSE Linux Enterprise Micro (SLEM) 5 Security Technical Implementation Guide
V-217113 | CAT III | The SUSE operating system must limit the number of concurrent sessions to 10 for all accounts and/or account types. | SUSE Linux Enterprise Server 12 Security Technical Implementation Guide
V-22298 | CAT III | The system must limit users to 10 simultaneous system logins, or a site-defined number, in accordance with operational requirements. | SUSE Linux Enterprise Server v11 for System z Security Technical Implementation Guide
V-22482 | CAT III | The SSH daemon must limit connections to a single session. | SUSE Linux Enterprise Server v11 for System z Security Technical Implementation Guide
V-225654 | CAT II | The Samsung SDS EMM must limit the number of concurrent sessions to one session for all accounts and/or account types. | Samsung SDS EMM Security Technical Implementation Guide
V-216367 | CAT III | The operating system must limit the number of concurrent sessions for each account to an organization-defined number of sessions. | Solaris 11 SPARC Security Technical Implementation Guide
V-216130 | CAT III | The operating system must limit the number of concurrent sessions for each account to an organization-defined number of sessions. | Solaris 11 X86 Security Technical Implementation Guide
V-279176 | CAT II | The Edge SWG must limit the number of concurrent sessions to an organization-defined number for all accounts and/or account types. | Symantec Edge SWG ALG Security Technical Implementation Guide
V-279274 | CAT II | The Edge SWG must limit the number of concurrent management sessions to a maximum of three. | Symantec Edge SWG NDM Security Technical Implementation Guide
V-241052 | CAT II | The Tanium max_soap_sessions_total setting must be explicitly enabled to limit the number of simultaneous sessions. | Tanium 7.0 Security Technical Implementation Guide
V-241053 | CAT II | The Tanium max_soap_sessions_per_user setting must be explicitly enabled to limit the number of simultaneous sessions. | Tanium 7.0 Security Technical Implementation Guide
V-241054 | CAT II | The Tanium soap_max_keep_alive setting must be explicitly enabled to limit the number of simultaneous sessions. | Tanium 7.0 Security Technical Implementation Guide
V-234111 | CAT II | The Tanium max_soap_sessions_total setting must be explicitly enabled to limit the number of simultaneous sessions. | Tanium 7.3 Security Technical Implementation Guide
V-234112 | CAT II | The Tanium max_soap_sessions_per_user setting must be explicitly enabled to limit the number of simultaneous sessions. | Tanium 7.3 Security Technical Implementation Guide
V-234113 | CAT II | The Tanium soap_max_keep_alive setting must be explicitly enabled to limit the number of simultaneous sessions. | Tanium 7.3 Security Technical Implementation Guide
V-254874 | CAT II | The Tanium max_soap_sessions_total setting must be explicitly enabled to limit the number of simultaneous sessions. | Tanium 7.x Application on TanOS Security Technical Implementation Guide
V-254875 | CAT II | The Tanium max_soap_sessions_per_user setting must be explicitly enabled to limit the number of simultaneous sessions. | Tanium 7.x Application on TanOS Security Technical Implementation Guide
V-254841 | CAT II | The Tanium Operating System (TanOS) must limit the number of concurrent sessions to an organization-defined number for all accounts and/or account types. | Tanium 7.x Operating System on TanOS Security Technical Implementation Guide
V-253863 | CAT II | The Tanium "max_soap_sessions_total" setting must be explicitly enabled to limit the number of simultaneous sessions. | Tanium 7.x Security Technical Implementation Guide
V-253864 | CAT II | The Tanium "max_soap_sessions_per_user" setting must be explicitly enabled to limit the number of simultaneous sessions. | Tanium 7.x Security Technical Implementation Guide
V-241108 | CAT II | Trend Deep Security must limit the number of concurrent sessions to an organization-defined number for all accounts and/or account types. | Trend Micro Deep Security 9.x Security Technical Implementation Guide
V-242231 | CAT III | The TippingPoint SMS must limit the maximum number of concurrent active sessions to one for the account of last resort. | Trend Micro TippingPoint NDM Security Technical Implementation Guide
V-242232 | CAT III | The TippingPoint SMS must limit total number of user sessions for privileged uses to a maximum of 10. | Trend Micro TippingPoint NDM Security Technical Implementation Guide
V-242233 | CAT III | The TippingPoint SMS must disable auto reconnect after disconnect. | Trend Micro TippingPoint NDM Security Technical Implementation Guide
V-252947 | CAT III | TOSS must limit the number of concurrent sessions to 256 for all accounts and/or account types. | Tri-Lab Operating System Stack (TOSS) 4 Security Technical Implementation Guide
V-282371 | CAT III | TOSS 5 must limit the number of concurrent sessions to 256 for all accounts and/or account types. | Tri-Lab Operating System Stack (TOSS) 5 Security Technical Implementation Guide
V-234275 | CAT II | The UEM server must limit the number of concurrent sessions per privileged user account to three or less concurrent sessions. | Unified Endpoint Management Server Security Requirements Guide
V-240039 | CAT II | HAProxy must limit the amount of time that an http request can be received. | VMW vRealize Automation 7.x HA Proxy Security Technical Implementation Guide
V-240040 | CAT II | HAProxy must enable cookie-based persistence in a backend. | VMW vRealize Automation 7.x HA Proxy Security Technical Implementation Guide
V-240343 | CAT II | vRA PostgreSQL must limit the number of connections. | VMW vRealize Automation 7.x PostgreSQL Security Technical Implementation Guide
V-239772 | CAT II | The vROps PostgreSQL DB must limit the number of concurrent sessions to an organization-defined number per user for all accounts and/or account types. | VMW vRealize Operations Manager 6.x PostgreSQL Security Technical Implementation Guide
V-246882 | CAT II | The Horizon Connection Server must limit the number of concurrent client sessions. | VMware Horizon 7.13 Connection Server Security Technical Implementation Guide
V-265346 | CAT II | The NSX Manager must be configured to protect against denial-of-service (DoS) attacks by limit the number of concurrent sessions to an organization-defined number. | VMware NSX 4.x Manager NDM Security Technical Implementation Guide
V-240215 | CAT II | Lighttpd must limit the
number of simultaneous requests.VMware vRealize Automation 7.x Lighttpd Security Technical Implementation GuideV-240349CAT IIIThe SLES for vRealize must limit the number of concurrent sessions to 10 for all accounts and/or account types.VMware vRealize Automation 7.x SLES Security Technical Implementation GuideV-240725CAT IItc Server HORIZON must limit the number of maximum concurrent connections permitted.VMware vRealize Automation 7.x tc Server Security Technical Implementation GuideV-240726CAT IItc Server VCO must limit the number of maximum concurrent connections permitted.VMware vRealize Automation 7.x tc Server Security Technical Implementation GuideV-240727CAT IItc Server VCAC must limit the number of maximum concurrent connections permitted.VMware vRealize Automation 7.x tc Server Security Technical Implementation GuideV-240728CAT IItc Server HORIZON must limit the amount of time that each TCP connection is kept alive.VMware vRealize Automation 7.x tc Server Security Technical Implementation GuideV-240729CAT IItc Server VCO must limit the amount of time that each TCP connection is kept alive.VMware vRealize Automation 7.x tc Server Security Technical Implementation GuideV-240730CAT IItc Server VCAC must limit the amount of time that each TCP connection is kept alive.VMware vRealize Automation 7.x tc Server Security Technical Implementation GuideV-240731CAT IItc Server HORIZON must limit the number of times that each TCP connection is kept alive.VMware vRealize Automation 7.x tc Server Security Technical Implementation GuideV-240732CAT IItc Server VCO must limit the number of times that each TCP connection is kept alive.VMware vRealize Automation 7.x tc Server Security Technical Implementation GuideV-240733CAT IItc Server VCAC must limit the number of times that each TCP connection is kept alive.VMware vRealize Automation 7.x tc Server Security Technical Implementation GuideV-240734CAT IItc Server HORIZON must perform server-side session management.VMware 
vRealize Automation 7.x tc Server Security Technical Implementation GuideV-240735CAT IItc Server VCO must perform server-side session management.VMware vRealize Automation 7.x tc Server Security Technical Implementation GuideV-240736CAT IItc Server VCAC must perform server-side session management.VMware vRealize Automation 7.x tc Server Security Technical Implementation GuideV-239447CAT IIIThe SLES for vRealize must limit the number of concurrent sessions to ten for all accounts and/or account types.VMware vRealize Operations Manager 6.x SLES Security Technical Implementation GuideV-241573CAT IItc Server UI must limit the number of maximum concurrent connections permitted.VMware vRealize Operations Manager 6.x tc Server Security Technical Implementation GuideV-241574CAT IItc Server CaSa must limit the number of maximum concurrent connections permitted.VMware vRealize Operations Manager 6.x tc Server Security Technical Implementation GuideV-241575CAT IItc Server API must limit the number of maximum concurrent connections permitted.VMware vRealize Operations Manager 6.x tc Server Security Technical Implementation GuideV-241576CAT IItc Server UI must limit the amount of time that each TCP connection is kept alive.VMware vRealize Operations Manager 6.x tc Server Security Technical Implementation GuideV-241577CAT IItc Server CaSa must limit the amount of time that each TCP connection is kept alive.VMware vRealize Operations Manager 6.x tc Server Security Technical Implementation GuideV-241578CAT IItc Server API must limit the amount of time that each TCP connection is kept alive.VMware vRealize Operations Manager 6.x tc Server Security Technical Implementation Guide