STIGs RMF Controls Compare

STIGhub

A free tool to search and browse the entire DISA STIG library. Saves up to 75% in security compliance research time.

Navigation

Browse STIGs
Search
RMF Controls
Compare Versions

Resources

About
Release Notes
VPAT
DISA STIG Library

STIGs updated 2 hours ago

Powered by Pylon

© 2026 Beacon Cloud Solutions, Inc. All rights reserved.

← SC-10 — Network Disconnect

CCI-001133

Definition

Terminate the network connection associated with a communications session at the end of the session or after an organization-defined time period of inactivity.

Parent Control

SC-10Network DisconnectSystem and Communications Protection

Linked STIG Checks (200)

V-255600CAT IThe A10 Networks ADC must terminate management sessions after 10 minutes of inactivity except to fulfill documented and validated mission requirements.A10 Networks ADC NDM Security Technical Implementation Guide V-76499CAT IIThe Akamai Luna Portal must terminate all network connections associated with a device management session at the end of the session, or the session must be terminated after 15 minutes of inactivity except to fulfill documented and validated mission requirements.Akamai KSD Service Impact Level 2 NDM Security Technical Implementation Guide V-274050CAT IIAmazon Linux 2023 must be configured so that all network connections associated with SSH traffic are terminated after 10 minutes of becoming unresponsive.Amazon Linux 2023 Security Technical Implementation Guide V-274051CAT IIAmazon Linux 2023 must be configured so that all network connections associated with SSH traffic terminate after becoming unresponsive.Amazon Linux 2023 Security Technical Implementation Guide V-274142CAT IIAmazon Linux 2023 must automatically exit interactive command shell user sessions after 15 minutes of inactivity.Amazon Linux 2023 Security Technical Implementation Guide V-274166CAT IIAmazon Linux 2023 must terminate idle user sessions.Amazon Linux 2023 Security Technical Implementation Guide V-268142CAT IINixOS must terminate all SSH connections after 10 minutes of becoming unresponsive.Anduril NixOS Security Technical Implementation Guide V-268143CAT IINixOS must terminate all SSH connections after becoming unresponsive.Anduril NixOS Security Technical Implementation Guide V-252456CAT IIThe macOS system must be configured with the SSH daemon ClientAliveInterval option set to 900 or less.Apple macOS 12 (Monterey) Security Technical Implementation Guide V-252457CAT IIThe macOS system must be configured with the SSH daemon ClientAliveCountMax option set to 1.Apple macOS 12 (Monterey) Security Technical Implementation Guide V-252458CAT IIThe macOS system must be configured with the SSH daemon LoginGraceTime set to 30 or less.Apple macOS 12 (Monterey) Security Technical Implementation Guide V-257162CAT IIThe macOS system must be configured with the SSH daemon ClientAliveInterval option set to 900 or less.Apple macOS 13 (Ventura) Security Technical Implementation Guide V-257163CAT IIThe macOS system must be configured with the SSH daemon ClientAliveCountMax option set to 1.Apple macOS 13 (Ventura) Security Technical Implementation Guide V-257164CAT IIThe macOS system must be configured with the SSH daemon LoginGraceTime set to 30 or less.Apple macOS 13 (Ventura) Security Technical Implementation Guide V-259435CAT IIThe macOS system must configure SSHD ClientAliveInterval to 900.Apple macOS 14 (Sonoma) Security Technical Implementation Guide V-259436CAT IIThe macOS system must configure SSHD ClientAliveCountMax to 1.Apple macOS 14 (Sonoma) Security Technical Implementation Guide V-259437CAT IIThe macOS system must set Login Grace Time to 30.Apple macOS 14 (Sonoma) Security Technical Implementation Guide V-259445CAT IIThe macOS system must configure SSH ServerAliveInterval option set to 900.Apple macOS 14 (Sonoma) Security Technical Implementation Guide V-259446CAT IIThe macOS system must configure SSHD Channel Timeout to 900.Apple macOS 14 (Sonoma) Security Technical Implementation Guide V-259447CAT IIThe macOS system must configure SSHD unused connection timeout to 900.Apple macOS 14 (Sonoma) Security Technical Implementation Guide V-259448CAT IIThe macOS system must set SSH Active Server Alive Maximum to 0.Apple macOS 14 (Sonoma) Security Technical Implementation Guide V-268435CAT IIThe macOS system must configure SSHD ClientAliveInterval to 900.Apple macOS 15 (Sequoia) Security Technical Implementation Guide V-268436CAT IIThe macOS system must configure SSHD ClientAliveCountMax to 1.Apple macOS 15 (Sequoia) Security Technical Implementation Guide V-268437CAT IIThe macOS system must set login grace time to 30.Apple macOS 15 (Sequoia) Security Technical Implementation Guide V-268444CAT IIThe macOS system must configure the SSH ServerAliveInterval to 900.Apple macOS 15 (Sequoia) Security Technical Implementation Guide V-268445CAT IIThe macOS system must configure SSHD channel timeout to 900.Apple macOS 15 (Sequoia) Security Technical Implementation Guide V-268446CAT IIThe macOS system must configure SSHD unused connection timeout to 900.Apple macOS 15 (Sequoia) Security Technical Implementation Guide V-268447CAT IIThe macOS system must set SSH Active Server Alive Maximum to 0.Apple macOS 15 (Sequoia) Security Technical Implementation Guide V-277043CAT IIThe macOS system must configure SSHD ClientAliveInterval to 900.Apple macOS 26 (Tahoe) Security Technical Implementation Guide V-277044CAT IIThe macOS system must configure SSHD ClientAliveCountMax to 1.Apple macOS 26 (Tahoe) Security Technical Implementation Guide V-277045CAT IIThe macOS system must set login grace time to 30.Apple macOS 26 (Tahoe) Security Technical Implementation Guide V-277052CAT IIThe macOS system must configure the SSH ServerAliveInterval to 900.Apple macOS 26 (Tahoe) Security Technical Implementation Guide V-277053CAT IIThe macOS system must configure SSHD channel timeout to 900.Apple macOS 26 (Tahoe) Security Technical Implementation Guide V-277054CAT IIThe macOS system must configure SSHD unused connection timeout to 900.Apple macOS 26 (Tahoe) Security Technical Implementation Guide V-277055CAT IIThe macOS system must set SSH Active Server Alive Maximum to 0.Apple macOS 26 (Tahoe) Security Technical Implementation Guide V-204955CAT IIThe ALG must terminate all network connections associated with a communications session at the end of the session, or as follows: for in-band management sessions (privileged sessions), the session must be terminated after 10 minutes of inactivity; and for user sessions (non-privileged session), the session must be terminated after 15 minutes of inactivity.Application Layer Gateway Security Requirements Guide V-222568CAT IIThe application must terminate all network connections associated with a communications session at the end of the session.Application Security and Development Security Technical Implementation Guide V-237322CAT IThe ArcGIS Server must use Windows authentication to enforce approved authorizations for logical access to information and system resources in accordance with applicable access control policies.ArcGIS for Server 10.3 Security Technical Implementation Guide V-272628CAT IICylanceON-PREM must be configured to initiate a session timeout after 10 minutes of inactivity.Arctic Wolf CylanceON-PREM Security Technical Implementation Guide V-217366CAT IIThe Arista Multilayer Switch must terminate all network connections associated with a device management session at the end of the session, or the session must be terminated after 10 minutes of inactivity except to fulfill documented and validated mission requirements.Arista MLS DCS-7000 Series NDM Security Technical Implementation Guide V-255956CAT IThe Arista network device must terminate all network connections associated with a device management session at the end of the session, or the session must be terminated after 10 minutes of inactivity except to fulfill documented and validated mission requirements.Arista MLS EOS 4.X NDM Security Technical Implementation Guide V-256842CAT IICompliance Guardian must provide automated mechanisms for supporting account management functions.AvePoint Compliance Guardian Security Technical Implementation Guide V-276002CAT IIAx-OS must automatically terminate a graphical user interface (GUI) user session after 15 minutes.Axonius Federal Systems Ax-OS Security Technical Implementation Guide V-237370CAT IIThe CA API Gateway must terminate all network connections associated with a Policy Manager session at the end of the session or as follows: for in-band management sessions (privileged sessions), the session must be terminated after 10 minutes of inactivity within the Policy Manager, and for user sessions simply viewing the contents of Policy Manager or viewing Audit Logs for tracking purposes (non-privileged session), the session must be terminated after 15 minutes of inactivity.CA API Gateway ALG Security Technical Implementation Guide V-219311CAT IIThe Ubuntu operating system must automatically terminate all network connections associated with SSH traffic at the end of the session or after 10 minutes of inactivity.Canonical Ubuntu 18.04 LTS Security Technical Implementation Guide V-238212CAT IIThe Ubuntu operating system must immediately terminate all network connections associated with SSH traffic after a period of inactivity.Canonical Ubuntu 20.04 LTS Security Technical Implementation Guide V-238213CAT IIThe Ubuntu operating system must immediately terminate all network connections associated with SSH traffic at the end of the session or after 10 minutes of inactivity.Canonical Ubuntu 20.04 LTS Security Technical Implementation Guide V-260527CAT IIUbuntu 22.04 LTS must be configured so that all network connections associated with SSH traffic terminate after becoming unresponsive.Canonical Ubuntu 22.04 LTS Security Technical Implementation Guide V-260528CAT IIUbuntu 22.04 LTS must be configured so that all network connections associated with SSH traffic are terminated after 10 minutes of becoming unresponsive.Canonical Ubuntu 22.04 LTS Security Technical Implementation Guide V-270742CAT IIUbuntu 24.04 LTS must immediately terminate all network connections associated with SSH traffic after a period of inactivity.Canonical Ubuntu 24.04 LTS Security Technical Implementation Guide V-270743CAT IIUbuntu 24.04 LTS must immediately terminate all network connections associated with SSH traffic at the end of the session or after 10 minutes of inactivity.Canonical Ubuntu 24.04 LTS Security Technical Implementation Guide V-271969CAT ICisco ACI SSH sessions must be terminated after five minutes of inactivity.Cisco ACI NDM Security Technical Implementation Guide V-239920CAT IThe Cisco ASA must be configured to terminate all network connections associated with a device management session at the end of the session, or the session must be terminated after five minutes of inactivity except to fulfill documented and validated mission requirements.Cisco ASA NDM Security Technical Implementation Guide V-215688CAT IThe Cisco router must be configured to terminate all network connections associated with device management after five minutes of inactivity.Cisco IOS Router NDM Security Technical Implementation Guide V-220596CAT IThe Cisco switch must be configured to terminate all network connections associated with device management after five minutes of inactivity.Cisco IOS Switch NDM Security Technical Implementation Guide V-215833CAT IThe Cisco router must be configured to terminate all network connections associated with device management after five minutes of inactivity.Cisco IOS XE Router NDM Security Technical Implementation Guide V-220544CAT IThe Cisco switch must be configured to terminate all network connections associated with device management after five minutes of inactivity.Cisco IOS XE Switch NDM Security Technical Implementation Guide V-216532CAT IThe Cisco router must be configured to terminate all network connections associated with device management after five minutes of inactivity.Cisco IOS XR Router NDM Security Technical Implementation Guide V-242657CAT IThe Cisco ISE must terminate all network connections associated with a device management session at the end of the session, or the session must be terminated after six minutes of inactivity, except to fulfill documented and validated mission requirements.Cisco ISE NDM Security Technical Implementation Guide V-220493CAT IThe Cisco switch must be configured to terminate all network connections associated with device management after five minutes of inactivity.Cisco NX OS Switch NDM Security Technical Implementation Guide V-269108CAT IIAlmaLinux OS 9 must automatically exit interactive command shell user sessions after 10 minutes of inactivity.Cloud Linux AlmaLinux OS 9 Security Technical Implementation Guide V-269419CAT IIAlmaLinux OS 9 must be configured so that all network connections associated with SSH traffic are terminated after 10 minutes of becoming unresponsive.Cloud Linux AlmaLinux OS 9 Security Technical Implementation Guide V-269421CAT IIAlmaLinux OS 9 must terminate idle user sessions.Cloud Linux AlmaLinux OS 9 Security Technical Implementation Guide V-233108CAT IIThe application must terminate all network connections associated with a communications session at the end of the session, or as follows: for in-band management sessions (privileged sessions), the session must be terminated after 10 minutes of inactivity.Container Platform Security Requirements Guide V-255560CAT IThe DBN-6300 must terminate all network connections associated with a device management session at the end of the session, or the session must be terminated after 10 minutes of inactivity except to fulfill documented and validated mission requirements.DBN-6300 NDM Security Technical Implementation Guide V-269789CAT IThe Dell OS10 Switch must terminate all network connections associated with a device management session at the end of the session, or the session must be terminated after five minutes of inactivity except to fulfill documented and validated mission requirements.Dell OS10 Switch NDM Security Technical Implementation Guide V-235825CAT IIThe Lifetime Minutes and Renewal Threshold Minutes Login Session Controls must be set to 10 and 0 respectively in Docker Enterprise.Docker Enterprise 2.x Linux/UNIX Security Technical Implementation Guide V-270904CAT IIDragos must configure idle timeouts at 10 minutes.Dragos Platform 2.x Security Technical Implementation Guide V-259967CAT IThe Enterprise Voice, Video, and Messaging Endpoint must be configured to terminate all network connections associated with a communications session at the end of the session.Enterprise Voice, Video, and Messaging Endpoint Security Requirements Guide V-260013CAT IIThe Enterprise Voice, Video, and Messaging Session Manager must be configured to terminate all network connections associated with a communications session at the end of the session.Enterprise Voice, Video, and Messaging Session Management Security Requirements Guide V-217408CAT IThe BIG-IP appliance must be configured to terminate all management sessions after 10 minutes of inactivity.F5 BIG-IP Device Management Security Technical Implementation Guide V-215765CAT IIThe BIG-IP Core implementation must terminate all communications sessions at the end of the session or as follows: for in-band management sessions (privileged sessions), the session must be terminated after 10 minutes of inactivity, and for user sessions (nonprivileged sessions), the session must be terminated after 15 minutes of inactivity.F5 BIG-IP Local Traffic Manager Security Technical Implementation Guide V-266155CAT IThe F5 BIG-IP appliance must terminate all network connections associated with a communications session at the end of the session or after 15 minutes of inactivity.F5 BIG-IP TMOS ALG Security Technical Implementation Guide V-266095CAT IThe F5 BIG-IP appliance must set the idle time before automatic logout to five minutes of inactivity except to fulfill documented and validated mission requirements.F5 BIG-IP TMOS NDM Security Technical Implementation Guide V-255624CAT IICounterACT must terminate all network connections associated with an Enterprise Manager Console session upon Exit, or session disconnection, or after 10 minutes of inactivity, except where prevented by documented and validated mission requirements.ForeScout CounterACT NDM Security Technical Implementation Guide V-255625CAT IICounterACT must terminate all network connections associated with an SSH connection session upon Exit, session disconnection, or after 10 minutes of inactivity, except where prevented by documented and validated mission requirements.ForeScout CounterACT NDM Security Technical Implementation Guide V-230970CAT IForescout must terminate all network connections associated with a device management session at the end of the session, or the session must be terminated after 10 minutes of inactivity except to fulfill documented and validated mission requirements.Forescout Network Device Management Security Technical Implementation Guide V-234214CAT IThe FortiGate device must terminate idle sessions after 10 minutes of inactivity.Fortinet FortiGate Firewall NDM Security Technical Implementation Guide V-203659CAT IIThe operating system must terminate all network connections associated with a communications session at the end of the session, or as follows: for in-band management sessions (privileged sessions), the session must be terminated after 10 minutes of inactivity; and for user sessions (non-privileged session), the session must be terminated after 15 minutes of inactivity, except to fulfill documented and validated mission requirements.General Purpose Operating System Security Requirements Guide V-217457CAT IIThe HP FlexFabric Switch must terminate all network connections associated with a device management session at the end of the session, or the session must be terminated after 10 minutes of inactivity except to fulfill documented and validated mission requirements.HP FlexFabric Switch NDM Security Technical Implementation Guide V-255247CAT IISSMC must terminate all network connections associated with a communications session at the end of the session, or as follows: for in-band management sessions (privileged sessions), the session must be terminated after 10 minutes of inactivity.HPE 3PAR SSMC Operating System Security Technical Implementation Guide V-237815CAT IIThe storage system must terminate all network connections associated with a communications session at the end of the session, at shutdown, or after 10 minutes of inactivity.HPE 3PAR StoreServ 3.2.x Security Technical Implementation Guide V-255271CAT IIThe HPE 3PAR OS must be configured to terminate all network connections associated with a communications session at the end of the session, or after 10 minutes of inactivity.HPE 3PAR StoreServ 3.3.x Security Technical Implementation Guide V-283388CAT IThe HPE Alletra Storage ArcusOS device must terminate all network connections at the end of the session, or the session must be terminated after five minutes of inactivity, except to fulfill documented and validated mission requirements.HPE Alletra Storage ArcusOS Network Device Management Security Technical Implementation Guide V-266941CAT IAOS must terminate all network connections associated with a device management session at the end of the session, or the session must be terminated after five minutes of inactivity except to fulfill documented and validated mission requirements.HPE Aruba Networking AOS NDM Security Technical Implementation Guide V-266990CAT IIIAOS, when used as a VPN Gateway, must terminate all network connections associated with a communications session at the end of the session.HPE Aruba Networking AOS VPN Security Technical Implementation Guide V-266996CAT IIThe Remote Access VPN Gateway must terminate remote access network connections after an organization-defined time period.HPE Aruba Networking AOS VPN Security Technical Implementation Guide V-252196CAT IThe HPE Nimble must terminate all network connections associated with a device management session at the end of the session, or the session must be terminated after 10 minutes of inactivity.HPE Nimble Storage Array NDM Security Technical Implementation Guide V-268301CAT IThe HYCU virtual appliance must terminate all network connections associated with a device management session at the end of the session, or the session must be terminated after five minutes of inactivity except to fulfill documented and validated mission requirements.HYCU Protege Security Technical Implementation Guide V-215290CAT IIAIX must config the SSH idle timeout interval.IBM AIX 7.x Security Technical Implementation Guide V-215320CAT IIAIX must set inactivity time-out on login sessions and terminate all login sessions after 10 minutes of inactivity.IBM AIX 7.x Security Technical Implementation Guide V-252563CAT IIIBM Aspera Console interactive session must be terminated after 10 minutes of inactivity for non-privileged and privileged sessions.IBM Aspera Platform 4.2 Security Technical Implementation Guide V-252575CAT IIIBM Aspera Faspex interactive session must be terminated after 10 minutes of inactivity for non-privileged and privileged sessions.IBM Aspera Platform 4.2 Security Technical Implementation Guide V-252597CAT IIThe IBM Aspera Shares interactive session must be terminated after 10 minutes of inactivity for non-privileged and privileged sessions.IBM Aspera Platform 4.2 Security Technical Implementation Guide V-65107CAT IThe DataPower Gateway must terminate all network connections associated with a device management session at the end of the session, or the session must be terminated after 10 minutes of inactivity except to fulfill documented and validated mission requirements.IBM DataPower Network Device Management Security Technical Implementation Guide V-255750CAT IIThe WebGUI of the MQ Appliance network device must terminate all network connections associated with a device management session at the end of the session, or the session must be terminated after 10 minutes of inactivity except to fulfill documented and validated mission requirements.IBM MQ Appliance v9.0 NDM Security Technical Implementation Guide V-255751CAT IIThe SSH CLI of the MQ Appliance network device must terminate all network connections associated with a device management session at the end of the session, or the session must be terminated after 10 minutes of inactivity except to fulfill documented and validated mission requirements.IBM MQ Appliance v9.0 NDM Security Technical Implementation Guide V-223469CAT IIIBM z/OS TSO GSO record values must be set to the values specified.IBM z/OS ACF2 Security Technical Implementation Guide V-223526CAT IIIBM z/OS startup parameters for the FTP Server must be defined in the SYSTCPD and SYSFTPD DD statements for configuration files.IBM z/OS ACF2 Security Technical Implementation Guide V-223527CAT IIIBM z/OS FTP.DATA configuration for the FTP Server must have INACTIVE statement properly set.IBM z/OS ACF2 Security Technical Implementation Guide V-223608CAT IIIBM z/OS PROFILE.TCPIP configuration INACTIVITY statement must be configured to 900 seconds.IBM z/OS ACF2 Security Technical Implementation Guide V-223743CAT IIIBM FTP.DATA configuration for the FTP server must have the INACTIVE statement properly set.IBM z/OS RACF Security Technical Implementation Guide V-223744CAT IIIBM z/OS startup parameters for the FTP server must have the INACTIVE statement properly set.IBM z/OS RACF Security Technical Implementation Guide V-223835CAT IIThe IBM z/OS PROFILE.TCPIP configuration for the TN3270 Telnet server must have the INACTIVE statement properly specified.IBM z/OS RACF Security Technical Implementation Guide V-223980CAT IIIBM z/OS FTP.DATA configuration for the FTP server must have the INACTIVE statement properly set.IBM z/OS TSS Security Technical Implementation Guide V-223981CAT IIIBM z/OS startup parameters for the FTP server must have the INACTIVE statement properly set.IBM z/OS TSS Security Technical Implementation Guide V-224069CAT IIIBM z/OS PROFILE.TCPIP configuration for the TN3270 Telnet server must have the INACTIVE statement properly specified.IBM z/OS TSS Security Technical Implementation Guide V-258608CAT IThe ICS must be configured to terminate after five minutes of inactivity except to fulfill documented and validated mission requirements.Ivanti Connect Secure NDM Security Technical Implementation Guide V-258591CAT IIThe ICS must terminate remote access network connections after 10 minutes or less.Ivanti Connect Secure VPN Security Technical Implementation Guide V-251029CAT IIThe Sentry must terminate all network connections associated with a communications session at the end of the session, or as follows: for in-band management sessions (privileged sessions), the session must be terminated after 10 minutes of inactivity; and for mobile device sessions (non-privileged session), the session must be terminated after 15 minutes of inactivity.Ivanti MobileIron Sentry 9.x ALG Security Technical Implementation Guide V-250996CAT IMobileIron Sentry must terminate all network connections associated with a device management session at the end of the session, or the session must be terminated after 10 minutes of inactivity except to fulfill documented and validated mission requirement.Ivanti MobileIron Sentry 9.x NDM Security Technical Implementation Guide V-251029CAT IIThe Sentry must terminate all network connections associated with a communications session at the end of the session, or as follows: for in-band management sessions (privileged sessions), the session must be terminated after 10 minutes of inactivity; and for mobile device sessions (non-privileged session), the session must be terminated after 15 minutes of inactivity.Ivanti Sentry 9.x ALG Security Technical Implementation Guide V-250996CAT ISentry must terminate all network connections associated with a device management session at the end of the session, or the session must be terminated after 10 minutes of inactivity except to fulfill documented and validated mission requirement.Ivanti Sentry 9.x NDM Security Technical Implementation Guide V-253913CAT IThe Juniper EX switch must be configured to end all network connections associated with a device management session at the end of the session, or the session must be terminated after five minutes of inactivity except to fulfill mission requirements.Juniper EX Series Switches Network Device Management Security Technical Implementation Guide V-217328CAT IThe Juniper router must be configured to terminate all network connections associated with device management after five minutes of inactivity.Juniper Router NDM Security Technical Implementation Guide V-66537CAT IIThe Juniper SRX Services Gateway must terminate a device management session after 10 minutes of inactivity, except to fulfill documented and validated mission requirements.Juniper SRX SG NDM Security Technical Implementation Guide V-66539CAT IIThe Juniper SRX Services Gateway must terminate a device management session if the keep-alive count is exceeded.Juniper SRX SG NDM Security Technical Implementation Guide V-66681CAT IIIThe Juniper SRX Services Gateway VPN must terminate all network connections associated with a communications session at the end of the session.Juniper SRX SG VPN Security Technical Implementation Guide V-214528CAT IIThe Juniper SRX Services Gateway Firewall must terminate all communications sessions associated with user traffic after 15 minutes or less of inactivity.Juniper SRX Services Gateway ALG Security Technical Implementation Guide V-223231CAT IIThe Juniper SRX Services Gateway must terminate a device management session after 10 minutes of inactivity, except to fulfill documented and validated mission requirements.Juniper SRX Services Gateway NDM Security Technical Implementation Guide V-223232CAT IIThe Juniper SRX Services Gateway must terminate a device management session if the keep-alive count is exceeded.Juniper SRX Services Gateway NDM Security Technical Implementation Guide V-214689CAT IIThe Juniper SRX Services Gateway VPN must terminate all network connections associated with a communications session at the end of the session.Juniper SRX Services Gateway VPN Security Technical Implementation Guide V-245541CAT IIKubernetes Kubelet must not disable timeouts.Kubernetes Security Technical Implementation Guide V-253444CAT IIThe machine inactivity limit must be set to 15 minutes, locking the system with the screensaver.Microsoft Windows 11 Security Technical Implementation Guide V-224979CAT IIIThe directory service must be configured to terminate LDAP-based network connections to the directory server after 5 minutes of inactivity.Microsoft Windows Server 2016 Security Technical Implementation Guide V-205726CAT IIIWindows Server 2019 directory service must be configured to terminate LDAP-based network connections to the directory server after five minutes of inactivity.Microsoft Windows Server 2019 Security Technical Implementation Guide V-254400CAT IIIWindows Server 2022 directory service must be configured to terminate LDAP-based network connections to the directory server after five minutes of inactivity.Microsoft Windows Server 2022 Security Technical Implementation Guide V-278147CAT IIIWindows Server 2025 directory service must be configured to terminate LDAP-based network connections to the directory server after five minutes of inactivity.Microsoft Windows Server 2025 Security Technical Implementation Guide V-260903CAT IIThe Lifetime Minutes and Renewal Threshold Minutes Login Session Controls on MKE must be set.Mirantis Kubernetes Engine Security Technical Implementation Guide V-246959CAT IONTAP must terminate all network connections associated with a device management session at the end of the session, or the session must be terminated after 10 minutes of inactivity except to fulfill documented and validated mission requirements.NetApp ONTAP DSC 9.x Security Technical Implementation Guide V-202074CAT IThe network device must terminate all network connections associated with a device management session at the end of the session, or the session must be terminated after five minutes of inactivity except to fulfill documented and validated mission requirements.Network Device Management Security Requirements Guide V-243138CAT IThe network device must terminate all network connections associated with a device management session at the end of the session, or the session must be terminated after 10 minutes of inactivity except to fulfill documented and validated mission requirements.Network WLAN AP-IG Management Security Technical Implementation Guide V-243156CAT IThe network device must terminate all network connections associated with a device management session at the end of the session, or the session must be terminated after 10 minutes of inactivity except to fulfill documented and validated mission requirements.Network WLAN AP-NIPR Management Security Technical Implementation Guide V-243174CAT IThe network device must terminate all network connections associated with a device management session at the end of the session, or the session must be terminated after 10 minutes of inactivity except to fulfill documented and validated mission requirements.Network WLAN Bridge Management Security Technical Implementation Guide V-243192CAT IThe network device must terminate all network connections associated with a device management session at the end of the session, or the session must be terminated after 10 minutes of inactivity except to fulfill documented and validated mission requirements.Network WLAN Controller Management Security Technical Implementation Guide V-254122CAT IINutanix AOS must automatically terminate a user session after inactivity time-outs have expired or at shutdown.Nutanix AOS 5.20.x OS Security Technical Implementation Guide V-279530CAT IINutanix OS must configure the ClientAliveInterval to "600" and ClientAliveCountMax to "1".Nutanix Acropolis GPOS Security Technical Implementation Guide V-273186CAT IIOkta must log out a session after a 15-minute period of inactivity.Okta Identity as a Service (IDaaS) Security Technical Implementation Guide V-221841CAT IIThe Oracle Linux operating system must be configured so that all network connections associated with a communication session are terminated at the end of the session or after 15 minutes of inactivity from the user at a command prompt, except to fulfill documented and validated mission requirements.Oracle Linux 7 Security Technical Implementation Guide V-221849CAT IIThe Oracle Linux operating system must be configured so that all network connections associated with SSH traffic are terminated after 10 minutes of becoming unresponsive.Oracle Linux 7 Security Technical Implementation Guide V-221851CAT IIThe Oracle Linux operating system must be configured so that all network connections associated with SSH traffic terminate after becoming unresponsive.Oracle Linux 7 Security Technical Implementation Guide V-248552CAT IIOL 8 must be configured so that all network connections associated with SSH traffic terminate after becoming unresponsive.Oracle Linux 8 Security Technical Implementation Guide V-248553CAT IIOL 8 must be configured so that all network connections associated with SSH traffic are terminated after 10 minutes of becoming unresponsive.Oracle Linux 8 Security Technical Implementation Guide V-257259CAT IIOL 8 must terminate idle user sessions.Oracle Linux 8 Security Technical Implementation Guide V-279934CAT IIOL 8 must automatically exit interactive command shell user sessions after 10 minutes of inactivity.Oracle Linux 8 Security Technical Implementation Guide V-271709CAT IIOL 9 must be configured so that all network connections associated with SSH traffic terminate after becoming unresponsive.Oracle Linux 9 Security Technical Implementation Guide V-271710CAT IIOL 9 must be configured so that all network connections associated with SSH traffic are terminated after 10 minutes of becoming unresponsive.Oracle Linux 9 Security Technical Implementation Guide V-271750CAT IIOL 9 must automatically exit interactive command shell user sessions after 15 minutes of inactivity.Oracle Linux 9 Security Technical Implementation Guide V-235979CAT IIIOracle WebLogic must terminate the network connection associated with a communications session at the end of the session or after a DoD-defined time period of inactivity.Oracle WebLogic Server 12c Security Technical Implementation Guide V-228846CAT IIThe Palo Alto Networks security platform must terminate communications sessions after 15 minutes of inactivity.Palo Alto Networks ALG Security Technical Implementation Guide V-228658CAT IThe Palo Alto Networks security platform must terminate management sessions after 10 minutes of inactivity except to fulfill documented and validated mission requirements.Palo Alto Networks NDM Security Technical Implementation Guide V-273809CAT IThe RUCKUS ICX device must terminate all network connections associated with a device management session at the end of the session, or the session must be terminated after five minutes of inactivity except to fulfill documented and validated mission requirements.RUCKUS ICX NDM Security Technical Implementation Guide V-254568CAT IIRancher RKE2 must terminate all network connections associated with a communications session at the end of the session, or as follows: for in-band management sessions (privileged sessions), the session must be terminated after five minutes of inactivity.Rancher Government Solutions RKE2 Security Technical Implementation Guide V-281269CAT IIRHEL 10 must be configured so that all network connections associated with Secure Shell (SSH) traffic terminate after becoming unresponsive.Red Hat Enterprise Linux 10 Security Technical Implementation Guide V-281295CAT IIRHEL 10 must automatically exit interactive command shell user sessions after 15 minutes of inactivity.Red Hat Enterprise Linux 10 Security Technical Implementation Guide V-281296CAT IIRHEL 10 must be configured with a timeout interval for the Secure Shell (SSH) daemon.Red Hat Enterprise Linux 10 Security Technical Implementation Guide V-204579CAT IIThe Red Hat Enterprise Linux operating system must be configured so that all network connections associated with a communication session are terminated at the end of the session or after 15 minutes of inactivity from the user at a command prompt, except to fulfill documented and validated mission requirements.Red Hat Enterprise Linux 7 Security Technical Implementation Guide V-204587CAT IIThe Red Hat Enterprise Linux operating system must be configured so that all network connections associated with SSH traffic are terminated after 10 minutes of becoming unresponsive.Red Hat Enterprise Linux 7 Security Technical Implementation Guide V-204589CAT IIThe Red Hat Enterprise Linux operating system must be configured so that all network connections associated with SSH traffic terminate after becoming unresponsive.Red Hat Enterprise Linux 7 Security Technical Implementation Guide V-230244CAT IIRHEL 8 must be configured so that all network connections associated with SSH traffic terminate after becoming unresponsive.Red Hat Enterprise Linux 8 Security Technical Implementation Guide V-244525CAT IIRHEL 8 must be configured so that all network connections associated with SSH traffic are terminated after 10 minutes of becoming unresponsive.Red Hat Enterprise Linux 8 Security Technical Implementation Guide V-257258CAT IIRHEL 8.7 and higher must terminate idle user sessions.Red Hat Enterprise Linux 8 Security Technical Implementation Guide V-279929CAT IIRHEL 8 must automatically exit interactive command shell user sessions after 10 minutes of inactivity.Red Hat Enterprise Linux 8 Security Technical Implementation Guide V-257995CAT IIRHEL 9 must be configured so that all network connections associated with SSH traffic terminate after becoming unresponsive.Red Hat Enterprise Linux 9 Security Technical Implementation Guide V-257996CAT IIRHEL 9 must be configured so that all network connections associated with SSH traffic are terminated after 10 minutes of becoming unresponsive.Red Hat Enterprise Linux 9 Security Technical Implementation Guide V-258068CAT IIRHEL 9 must automatically exit interactive command shell user sessions after 10 minutes of inactivity.Red Hat Enterprise Linux 9 Security Technical Implementation Guide V-258077CAT IIRHEL 9 must terminate idle user sessions.Red Hat Enterprise Linux 9 Security Technical Implementation Guide V-257544CAT IIOpenShift must terminate all network connections associated with a communications session at the end of the session, or as follows: for in-band management sessions (privileged sessions), the session must be terminated after 10 minutes of inactivity.Red Hat OpenShift Container Platform 4.12 Security Technical Implementation Guide V-257540CAT IOpenShift must disable root and terminate network connections.Red Hat OpenShift Container Platform 4.x Security Technical Implementation Guide V-257544CAT IIOpenShift must terminate all network connections associated with a communications session at the end of the session, or as follows: for in-band management sessions (privileged sessions), the session must be terminated after 10 minutes of inactivity.Red Hat OpenShift Container Platform 4.x Security Technical Implementation Guide V-275621CAT IIUbuntu OS must be configured so that all network connections associated with SSH traffic terminate after becoming unresponsive.Riverbed NetIM OS Security Technical Implementation Guide V-256084CAT IThe Riverbed NetProfiler must be configured to terminate all network connections associated with a device management session at the end of the session, or the session must be terminated after 10 minutes of inactivity except to fulfill documented and validated mission requirements.Riverbed NetProfiler Security Technical Implementation Guide V-254086CAT IIInnoslate must initiate a session lock after a 15-minute period of inactivity.SPEC Innovations Innoslate 4.x Security Technical Implementation Guide V-261331CAT IISLEM 5 must be configured so that all network connections associated with SSH traffic terminate after becoming unresponsive.SUSE Linux Enterprise Micro (SLEM) 5 Security Technical Implementation Guide V-261332CAT IISLEM 5 must be configured so that all network connections associated with SSH traffic are terminated after 10 minutes of becoming unresponsive.SUSE Linux Enterprise Micro (SLEM) 5 Security Technical Implementation Guide V-217272CAT IIThe SUSE operating system SSH daemon must be configured with a timeout interval.SUSE Linux Enterprise Server 12 Security Technical Implementation Guide V-217273CAT IIThe SUSE operating system for all network connections associated with SSH traffic must immediately terminate at the end of the session or after 10 minutes of inactivity.SUSE Linux Enterprise Server 12 Security Technical Implementation Guide V-216356CAT IIIThe operating system must terminate the network connection associated with a communications session at the end of the session or after 10 minutes of inactivity.Solaris 11 SPARC Security Technical Implementation Guide V-216399CAT IIThe operating system must terminate all sessions and network connections when nonlocal maintenance is completed.Solaris 11 SPARC Security Technical Implementation Guide V-216119CAT IIIThe operating system must terminate the network connection associated with a communications session at the end of the session or after 10 minutes of inactivity.Solaris 11 X86 Security Technical Implementation Guide V-216162CAT IIThe operating system must terminate all sessions and network connections when nonlocal maintenance is completed.Solaris 11 X86 Security Technical Implementation Guide V-279264CAT IThe Edge SWG must terminate all network connections associated with a device management session at the end of the session, or the session must be terminated after five minutes of inactivity except to fulfill documented and validated mission requirements.Symantec Edge SWG NDM Security Technical Implementation Guide V-94301CAT ISymantec ProxySG must terminate all network connections associated with a communications session at the end of the session or terminate user sessions (nonprivileged session) after 15 minutes of inactivity.Symantec ProxySG ALG Security Technical Implementation Guide V-94713CAT ISymantec ProxySG must terminate all network connections associated with a device management session at the end of the session, or the session must be terminated after 10 minutes of inactivity except to fulfill documented and validated mission requirements.Symantec ProxySG NDM Security Technical Implementation Guide V-241005CAT IICommon Access Card (CAC)-based authentication must be enabled and enforced on the Tanium Server for all access and all accounts.Tanium 7.0 Security Technical Implementation Guide V-234066CAT IICommon Access Card (CAC)-based authentication must be enabled and enforced on the Tanium Server for all access and all accounts.Tanium 7.3 Security Technical Implementation Guide V-254852CAT IITanium Operating System (TanOS) must terminate all network connections associated with a communications session at the end of the session, or as follows: For in-band management sessions (privileged sessions), the session must be terminated after 10 minutes of inactivity; for user sessions (nonprivileged session), the session must be terminated after 15 minutes of inactivity, except to fulfill documented and validated mission requirements.Tanium 7.x Operating System on TanOS Security Technical Implementation Guide V-241141CAT IITrend Deep Security must terminate all network connections associated with a communications session at the end of the session, or as follows: for in-band management sessions (privileged sessions), the session must be terminated after 10 minutes of inactivity; and for user sessions (non-privileged session), the session must be terminated after 15 minutes of inactivity, except to fulfill documented and validated mission requirements.Trend Micro Deep Security 9.x Security Technical Implementation Guide V-242244CAT IThe TippingPoint SMS must terminate all network connections associated with a device management session at the end of the session, or the session must be terminated after 10 minutes of inactivity except to fulfill documented and validated mission requirements.Trend Micro TippingPoint NDM Security Technical Implementation Guide V-253083CAT IITOSS must be configured so that all network connections associated with SSH traffic are terminated at the end of the session or after 10 minutes of inactivity, except to fulfill documented and validated mission requirements.Tri-Lab Operating System Stack (TOSS) 4 Security Technical Implementation Guide V-282381CAT IITOSS 5 must automatically exit interactive command shell user sessions after 15 minutes of inactivity.Tri-Lab Operating System Stack (TOSS) 5 Security Technical Implementation Guide V-265327CAT IThe NSX Manager must terminate all network connections associated with a session after five minutes of inactivity.VMware NSX 4.x Manager NDM Security Technical Implementation Guide V-69189CAT IIThe NSX vCenter must terminate all network connections associated with a device management session at the end of the session, or the session must be terminated after 10 minutes of inactivity except to fulfill documented and validated mission requirements.VMware NSX Manager Security Technical Implementation Guide V-251781CAT IThe NSX-T Manager must terminate the device management session at the end of the session or after 10 minutes of inactivity.VMware NSX-T Manager NDM Security Technical Implementation Guide V-240471CAT IIThe SLES for vRealize must terminate all network connections associated with a communications session at the end of the session, or as follows: for in-band management sessions (privileged sessions), the session must be terminated after 10 minutes of inactivity; and for user sessions (non-privileged session), the session must be terminated after 15 minutes of inactivity, except to fulfill documented and validated mission requirements.VMware vRealize Automation 7.x SLES Security Technical Implementation Guide V-239564CAT IIThe SLES for vRealize must terminate all network connections associated with a communications session at the end of the session, or as follows: for in-band management sessions (privileged sessions), the session must be terminated after 10 minutes of inactivity; and for user sessions (non-privileged session), the session must be terminated after 15 minutes of inactivity, except to fulfill documented and validated mission requirements.VMware vRealize Operations Manager 6.x SLES Security Technical Implementation Guide V-256405CAT IIThe ESXi host must set a timeout to automatically disable idle shell sessions after two minutes.VMware vSphere 7.0 ESXi Security Technical Implementation Guide V-256406CAT IIThe ESXi host must terminate shell services after 10 minutes.VMware vSphere 7.0 ESXi Security Technical Implementation Guide V-256407CAT IIThe ESXi host must log out of the console UI after two minutes.VMware vSphere 7.0 ESXi Security Technical Implementation Guide V-256513CAT IIThe Photon operating system must configure sshd to disconnect idle Secure Shell (SSH) sessions.VMware vSphere 7.0 vCenter Appliance Photon OS Security Technical Implementation Guide