STIGs RMF Controls Compare

STIGhub

A free tool to search and browse the entire DISA STIG library. Saves up to 75% in security compliance research time.

Navigation

Browse STIGs
Search
RMF Controls
Compare Versions

Resources

About
Release Notes
VPAT
DISA STIG Library

STIGs updated 2 hours ago

Powered by Pylon

© 2026 Beacon Cloud Solutions, Inc. All rights reserved.

← AC-12 — Session Termination

CCI-002361

Definition

Automatically terminate a user session after organization-defined conditions or trigger events requiring session disconnect.

Parent Control

AC-12Session TerminationAccess Control

Linked STIG Checks (165)

V-274050CAT IIAmazon Linux 2023 must be configured so that all network connections associated with SSH traffic are terminated after 10 minutes of becoming unresponsive.Amazon Linux 2023 Security Technical Implementation Guide V-274051CAT IIAmazon Linux 2023 must be configured so that all network connections associated with SSH traffic terminate after becoming unresponsive.Amazon Linux 2023 Security Technical Implementation Guide V-268142CAT IINixOS must terminate all SSH connections after 10 minutes of becoming unresponsive.Anduril NixOS Security Technical Implementation Guide V-214250CAT IIThe Apache web server must invalidate session identifiers upon hosted application user logout or other session termination.Apache Server 2.4 UNIX Server Security Technical Implementation Guide V-214258CAT IIThe Apache web server must set an inactive timeout for sessions.Apache Server 2.4 UNIX Server Security Technical Implementation Guide V-214341CAT IIThe Apache web server must set an absolute timeout for sessions.Apache Server 2.4 Windows Server Security Technical Implementation Guide V-214342CAT IIThe Apache web server must set an inactive timeout for completing the TLS handshakeApache Server 2.4 Windows Server Security Technical Implementation Guide V-222979CAT IIIdle timeout for the management application must be set to 10 minutes.Apache Tomcat Application Server 9 Security Technical Implementation Guide V-259449CAT IIThe macOS system must enforce auto logout after 86400 seconds of inactivity.Apple macOS 14 (Sonoma) Security Technical Implementation Guide V-268445CAT IIThe macOS system must configure SSHD channel timeout to 900.Apple macOS 15 (Sequoia) Security Technical Implementation Guide V-268446CAT IIThe macOS system must configure SSHD unused connection timeout to 900.Apple macOS 15 (Sequoia) Security Technical Implementation Guide V-268448CAT IIThe macOS system must enforce auto logout after 86400 seconds of inactivity.Apple macOS 15 (Sequoia) Security Technical Implementation Guide V-277053CAT IIThe macOS system must configure SSHD channel timeout to 900.Apple macOS 26 (Tahoe) Security Technical Implementation Guide V-277054CAT IIThe macOS system must configure SSHD unused connection timeout to 900.Apple macOS 26 (Tahoe) Security Technical Implementation Guide V-277056CAT IIThe macOS system must enforce auto logout after 86400 seconds of inactivity.Apple macOS 26 (Tahoe) Security Technical Implementation Guide V-205055CAT IIThe ALG providing user access control intermediary services must automatically terminate a user session when organization-defined conditions or trigger events that require a session disconnect occur.Application Layer Gateway Security Requirements Guide V-222388CAT IIThe application must clear temporary storage and cookies when the session is terminated.Application Security and Development Security Technical Implementation Guide V-222389CAT IIThe application must automatically terminate the non-privileged user session and log off non-privileged users after a 15 minute idle time period has elapsed.Application Security and Development Security Technical Implementation Guide V-222390CAT IIThe application must automatically terminate the admin user session and log off admin users after a 10 minute idle time period is exceeded.Application Security and Development Security Technical Implementation Guide V-204777CAT IIThe application server must automatically terminate a user session after organization-defined conditions or trigger events requiring a session disconnect.Application Server Security Requirements Guide V-237327CAT IIThe ArcGIS Server must implement replay-resistant authentication mechanisms for network access to privileged accounts and non-privileged accounts.ArcGIS for Server 10.3 Security Technical Implementation Guide V-272628CAT IICylanceON-PREM must be configured to initiate a session timeout after 10 minutes of inactivity.Arctic Wolf CylanceON-PREM Security Technical Implementation Guide V-256842CAT IICompliance Guardian must provide automated mechanisms for supporting account management functions.AvePoint Compliance Guardian Security Technical Implementation Guide V-276002CAT IIAx-OS must automatically terminate a graphical user interface (GUI) user session after 15 minutes.Axonius Federal Systems Ax-OS Security Technical Implementation Guide V-79027CAT IIThe BlackBerry Enterprise Mobility Server (BEMS) must be configured with an inactivity timeout of 15 minutes or less.BlackBerry Enterprise Mobility Server 2.x Security Technical Implementation Guide V-254718CAT IIThe BlackBerry Enterprise Mobility Server (BEMS) must be configured with an inactivity timeout of 15 minutes or less.BlackBerry Enterprise Mobility Server 3.x Security Technical Implementation Guide V-237420CAT IIThe CA API Gateway providing user access control intermediary services must automatically terminate a user session when organization-defined conditions or trigger events that require a session disconnect occur.CA API Gateway ALG Security Technical Implementation Guide V-251628CAT IICA IDMS must automatically terminate a terminal session after organization-defined conditions or trigger events of terminal inactivity time.CA IDMS Security Technical Implementation Guide V-251629CAT IICA IDMS must automatically terminate a batch external request unit after organization-defined conditions or trigger events after the batch program abnormally terminates.CA IDMS Security Technical Implementation Guide V-251630CAT IICA IDMS must automatically terminate an external run-unit after organization-defined conditions or trigger events of time waiting to issue a database request.CA IDMS Security Technical Implementation Guide V-251631CAT IICA IDMS must automatically terminate a task or session after organization-defined conditions or trigger events of time waiting to get a resource and/or time of inactivity.CA IDMS Security Technical Implementation Guide V-219311CAT IIThe Ubuntu operating system must automatically terminate all network connections associated with SSH traffic at the end of the session or after 10 minutes of inactivity.Canonical Ubuntu 18.04 LTS Security Technical Implementation Guide V-238207CAT IIThe Ubuntu operating system must automatically terminate a user session after inactivity timeouts have expired.Canonical Ubuntu 20.04 LTS Security Technical Implementation Guide V-260554CAT IIUbuntu 22.04 LTS must automatically exit interactive command shell user sessions after 15 minutes of inactivity.Canonical Ubuntu 22.04 LTS Security Technical Implementation Guide V-270680CAT IIUbuntu 24.04 LTS must automatically terminate a user session after inactivity timeouts have expired.Canonical Ubuntu 24.04 LTS Security Technical Implementation Guide V-221922CAT IIThe Central Log Server must automatically terminate a user session after organization-defined conditions or trigger events requiring session disconnect.Central Log Server Security Requirements Guide V-269419CAT IIAlmaLinux OS 9 must be configured so that all network connections associated with SSH traffic are terminated after 10 minutes of becoming unresponsive.Cloud Linux AlmaLinux OS 9 Security Technical Implementation Guide V-233613CAT IIPostgreSQL must automatically terminate a user session after organization-defined conditions or trigger events requiring session disconnect.Crunchy Data PostgreSQL Security Technical Implementation Guide V-261910CAT IIPostgreSQL must automatically terminate a user session after organization-defined conditions or trigger events requiring session disconnect.Crunchy Data Postgres 16 Security Technical Implementation Guide V-255563CAT IIThe DBN-6300 must automatically terminate a network administrator session after organization-defined conditions or trigger events requiring session disconnect.DBN-6300 NDM Security Technical Implementation Guide V-206580CAT IIThe DBMS must automatically terminate a user session after organization-defined conditions or trigger events requiring session disconnect.Database Security Requirements Guide V-235825CAT IIThe Lifetime Minutes and Renewal Threshold Minutes Login Session Controls must be set to 10 and 0 respectively in Docker Enterprise.Docker Enterprise 2.x Linux/UNIX Security Technical Implementation Guide V-235829CAT IIIThe Docker Enterprise per user limit login session control must be set per the requirements in the System Security Plan (SSP).Docker Enterprise 2.x Linux/UNIX Security Technical Implementation Guide V-270904CAT IIDragos must configure idle timeouts at 10 minutes.Dragos Platform 2.x Security Technical Implementation Guide V-224187CAT IIThe EDB Postgres Advanced Server must automatically terminate a user session after organization-defined conditions or trigger events requiring session disconnect.EDB Postgres Advanced Server v11 on Windows Security Technical Implementation Guide V-213613CAT IIThe EDB Postgres Advanced Server must automatically terminate a user session after organization-defined conditions or trigger events requiring session disconnect.EDB Postgres Advanced Server v9.6 Security Technical Implementation Guide V-259268CAT IIThe EDB Postgres Advanced Server must automatically terminate a user session after organization-defined conditions or trigger events requiring session disconnect.EnterpriseDB Postgres Advanced Server (EPAS) Security Technical Implementation Guide V-230211CAT IIThe BIG-IP APM module access policy profile must be configured to automatically terminate user sessions for users connected to virtual servers when organization-defined conditions or trigger events occur that require a session disconnect.F5 BIG-IP Access Policy Manager Security Technical Implementation Guide V-230214CAT IIThe BIG-IP Core implementation must automatically terminate a user session for a user connected to virtual servers when organization-defined conditions or trigger events occur that require a session disconnect.F5 BIG-IP Local Traffic Manager Security Technical Implementation Guide V-233331CAT IIFor TLS connections, Forescout must automatically terminate the session when a client certificate is requested and the client does not have a suitable certificate. This is required for compliance with C2C Step 1.Forescout Network Access Control Security Technical Implementation Guide V-203683CAT IIThe operating system must automatically terminate a user session after inactivity time-outs have expired or at shutdown.General Purpose Operating System Security Requirements Guide V-255247CAT IISSMC must terminate all network connections associated with a communications session at the end of the session, or as follows: for in-band management sessions (privileged sessions), the session must be terminated after 10 minutes of inactivity.HPE 3PAR SSMC Operating System Security Technical Implementation Guide V-255260CAT IISSMC web server must set an absolute timeout for sessions.HPE 3PAR SSMC Web Server Security Technical Implementation Guide V-255261CAT IISSMC web server must set an inactive timeout for sessions.HPE 3PAR SSMC Web Server Security Technical Implementation Guide V-255262CAT IISSMC web server must set an inactive timeout for shell sessions.HPE 3PAR SSMC Web Server Security Technical Implementation Guide V-237815CAT IIThe storage system must terminate all network connections associated with a communications session at the end of the session, at shutdown, or after 10 minutes of inactivity.HPE 3PAR StoreServ 3.2.x Security Technical Implementation Guide V-255271CAT IIThe HPE 3PAR OS must be configured to terminate all network connections associated with a communications session at the end of the session, or after 10 minutes of inactivity.HPE 3PAR StoreServ 3.3.x Security Technical Implementation Guide V-283037CAT IIThe HPE Alletra Storage ArcusOS device must set an inactive timeout for sessions.HPE Alletra Storage ArcusOS Web Server Security Technical Implementation Guide V-215290CAT IIAIX must config the SSH idle timeout interval.IBM AIX 7.x Security Technical Implementation Guide V-215320CAT IIAIX must set inactivity time-out on login sessions and terminate all login sessions after 10 minutes of inactivity.IBM AIX 7.x Security Technical Implementation Guide V-252563CAT IIIBM Aspera Console interactive session must be terminated after 10 minutes of inactivity for non-privileged and privileged sessions.IBM Aspera Platform 4.2 Security Technical Implementation Guide V-252575CAT IIIBM Aspera Faspex interactive session must be terminated after 10 minutes of inactivity for non-privileged and privileged sessions.IBM Aspera Platform 4.2 Security Technical Implementation Guide V-252597CAT IIThe IBM Aspera Shares interactive session must be terminated after 10 minutes of inactivity for non-privileged and privileged sessions.IBM Aspera Platform 4.2 Security Technical Implementation Guide V-213715CAT IIDB2 must automatically terminate a user session after organization-defined conditions or trigger events requiring session disconnect.IBM DB2 V10.5 LUW Security Technical Implementation Guide V-65121CAT IIThe DataPower Gateway must automatically terminate a network administrator session after organization-defined conditions or trigger events requiring session disconnect.IBM DataPower Network Device Management Security Technical Implementation Guide V-255788CAT IIThe MQ Appliance messaging server must automatically terminate a SSH user session after organization-defined conditions or trigger events requiring a session disconnect.IBM MQ Appliance V9.0 AS Security Technical Implementation Guide V-255789CAT IIThe MQ Appliance must automatically terminate a WebGUI user session after 600 seconds of idle time.IBM MQ Appliance V9.0 AS Security Technical Implementation Guide V-255755CAT IIThe MQ Appliance network device must automatically terminate a network administrator session after organization-defined conditions or trigger events requiring session disconnect.IBM MQ Appliance v9.0 NDM Security Technical Implementation Guide V-250340CAT IIHTTP session timeout must be configured.IBM WebSphere Liberty Server Security Technical Implementation Guide V-255819CAT IIThe WebSphere Application Server admin console session timeout must be configured.IBM WebSphere Traditional V9.x Security Technical Implementation Guide V-223608CAT IIIBM z/OS PROFILE.TCPIP configuration INACTIVITY statement must be configured to 900 seconds.IBM z/OS ACF2 Security Technical Implementation Guide V-223757CAT IIIBM z/OS must configure system wait times to protect resource availability based on site priorities.IBM z/OS RACF Security Technical Implementation Guide V-223886CAT IIThe CA-TSS NEWPW control options must be properly set.IBM z/OS TSS Security Technical Implementation Guide V-223972CAT IICA-TSS VTHRESH Control Option values specified must be set to (10,NOT,CAN).IBM z/OS TSS Security Technical Implementation Guide V-224069CAT IIIBM z/OS PROFILE.TCPIP configuration for the TN3270 Telnet server must have the INACTIVE statement properly specified.IBM z/OS TSS Security Technical Implementation Guide V-251414CAT IIThe Ivanti EPMM server must automatically terminate a user session after an organization-defined period of user inactivity.Ivanti EPMM Server Security Technical Implementation Guide V-251414CAT IIThe Ivanti MobileIron Core server must automatically terminate a user session after an organization-defined period of user inactivity.Ivanti MobileIron Core MDM Server Security Technical Implementation Guide V-66457CAT IIThe Juniper SRX Services Gateway must automatically terminate a network administrator session after organization-defined conditions or trigger events requiring session disconnect.Juniper SRX SG NDM Security Technical Implementation Guide V-66631CAT IIThe Juniper SRX Services Gateway VPN must renegotiate the security association after 8 hours or less.Juniper SRX SG VPN Security Technical Implementation Guide V-66643CAT IIThe Juniper SRX Services Gateway VPN must renegotiate the security association after 24 hours or less.Juniper SRX SG VPN Security Technical Implementation Guide V-229024CAT IIThe Juniper SRX Services Gateway must be configured to use an authentication server to centrally apply authentication and logon settings for remote and nonlocal access for device management.Juniper SRX Services Gateway NDM Security Technical Implementation Guide V-214669CAT IIThe Juniper SRX Services Gateway VPN must renegotiate the IPsec security association after 8 hours or less.Juniper SRX Services Gateway VPN Security Technical Implementation Guide V-214670CAT IIThe Juniper SRX Services Gateway VPN must renegotiate the IKE security association after 24 hours or less.Juniper SRX Services Gateway VPN Security Technical Implementation Guide V-213864CAT IISQL Server must automatically terminate a user session after organization-defined conditions or trigger events requiring session disconnect.MS SQL Server 2014 Instance Security Technical Implementation Guide V-205535CAT IIThe Mainframe Product must automatically terminate a user session after conditions, as defined in site security plan, are met or trigger events requiring session disconnect.Mainframe Product Security Requirements Guide V-253717CAT IIMariaDB must automatically terminate a user's session after organization-defined conditions or trigger events requiring session disconnect.MariaDB Enterprise 10.x Security Technical Implementation Guide V-255340CAT IIAzure SQL Database must automatically terminate a user session after organization-defined conditions or trigger events requiring session disconnect.Microsoft Azure SQL Database Security Technical Implementation Guide V-270200CAT IIMicrosoft Entra ID must initiate a session lock after a 15-minute period of inactivity.Microsoft Entra ID Security Technical Implementation Guide V-228399CAT IIIThe Exchange Receive connector timeout must be limited.Microsoft Exchange 2016 Mailbox Server Security Technical Implementation Guide V-259630CAT IIExchange must limit the Receive connector timeout.Microsoft Exchange 2019 Edge Server Security Technical Implementation Guide V-259697CAT IIIThe Exchange receive connector timeout must be limited.Microsoft Exchange 2019 Mailbox Server Security Technical Implementation Guide V-218762CAT IIThe Idle Time-out monitor for each IIS 10.0 website must be enabled.Microsoft IIS 10.0 Site Security Technical Implementation Guide V-218763CAT IIThe IIS 10.0 websites connectionTimeout setting must be explicitly configured to disconnect an idle session.Microsoft IIS 10.0 Site Security Technical Implementation Guide V-273867CAT IIMicrosoft Intune service must initiate a session lock after a 15-minute period of inactivity.Microsoft Intune MDM Service Desktop & Mobile Security Technical Implementation Guide V-273867CAT IIMicrosoft Intune service must initiate a session lock after a 15-minute period of inactivity.Microsoft Intune MDM Service Desktop & Mobile Security Technical Implementation Guide V-253444CAT IIThe machine inactivity limit must be set to 15 minutes, locking the system with the screensaver.Microsoft Windows 11 Security Technical Implementation Guide V-254400CAT IIIWindows Server 2022 directory service must be configured to terminate LDAP-based network connections to the directory server after five minutes of inactivity.Microsoft Windows Server 2022 Security Technical Implementation Guide V-278147CAT IIIWindows Server 2025 directory service must be configured to terminate LDAP-based network connections to the directory server after five minutes of inactivity.Microsoft Windows Server 2025 Security Technical Implementation Guide V-252170CAT IIMongoDB must automatically terminate a user session after organization-defined conditions or trigger events requiring session disconnect.MongoDB Enterprise Advanced 4.x Security Technical Implementation Guide V-265933CAT IIThe DBMS must automatically terminate a user session after organization-defined conditions or trigger events requiring session disconnect.MongoDB Enterprise Advanced 7.x Security Technical Implementation Guide V-281700CAT IIIMongoDB must terminate a user session after organization-defined conditions or trigger events requiring session disconnect via a scheduled script.MongoDB Enterprise Advanced 8.x Security Technical Implementation Guide V-254097CAT IINutanix AOS must automatically terminate a user session after 15 minutes of inactivity.Nutanix AOS 5.20.x Application Security Technical Implementation Guide V-254122CAT IINutanix AOS must automatically terminate a user session after inactivity time-outs have expired or at shutdown.Nutanix AOS 5.20.x OS Security Technical Implementation Guide V-279416CAT IINutanix AOS must automatically terminate a user session after a maximum of 15 minutes for nonprivileged users.Nutanix Acropolis Application Server Security Technical Implementation Guide V-279530CAT IINutanix OS must configure the ClientAliveInterval to "600" and ClientAliveCountMax to "1".Nutanix Acropolis GPOS Security Technical Implementation Guide V-238473CAT IIThe DBMS must terminate the network connection associated with a communications session at the end of the session or after 15 minutes of inactivity.Oracle Database 11.2g Security Technical Implementation Guide V-237738CAT IIThe DBMS must terminate the network connection associated with a communications session at the end of the session or 15 minutes of inactivity.Oracle Database 12c Security Technical Implementation Guide V-270497CAT IIOracle Database must automatically terminate a user session after organization-defined conditions or trigger events requiring session disconnect.Oracle Database 19c Security Technical Implementation Guide V-221849CAT IIThe Oracle Linux operating system must be configured so that all network connections associated with SSH traffic are terminated after 10 minutes of becoming unresponsive.Oracle Linux 7 Security Technical Implementation Guide V-248552CAT IIOL 8 must be configured so that all network connections associated with SSH traffic terminate after becoming unresponsive.Oracle Linux 8 Security Technical Implementation Guide V-248553CAT IIOL 8 must be configured so that all network connections associated with SSH traffic are terminated after 10 minutes of becoming unresponsive.Oracle Linux 8 Security Technical Implementation Guide V-271709CAT IIOL 9 must be configured so that all network connections associated with SSH traffic terminate after becoming unresponsive.Oracle Linux 9 Security Technical Implementation Guide V-271710CAT IIOL 9 must be configured so that all network connections associated with SSH traffic are terminated after 10 minutes of becoming unresponsive.Oracle Linux 9 Security Technical Implementation Guide V-235185CAT IIThe MySQL Database Server 8.0 must automatically terminate a user session after organization-defined conditions or trigger events requiring session disconnect.Oracle MySQL 8.0 Security Technical Implementation Guide V-214147CAT IIPostgreSQL must automatically terminate a user session after organization-defined conditions or trigger events requiring session disconnect.PostgreSQL 9.x Security Technical Implementation Guide V-281269CAT IIRHEL 10 must be configured so that all network connections associated with Secure Shell (SSH) traffic terminate after becoming unresponsive.Red Hat Enterprise Linux 10 Security Technical Implementation Guide V-281296CAT IIRHEL 10 must be configured with a timeout interval for the Secure Shell (SSH) daemon.Red Hat Enterprise Linux 10 Security Technical Implementation Guide V-204579CAT IIThe Red Hat Enterprise Linux operating system must be configured so that all network connections associated with a communication session are terminated at the end of the session or after 15 minutes of inactivity from the user at a command prompt, except to fulfill documented and validated mission requirements.Red Hat Enterprise Linux 7 Security Technical Implementation Guide V-204587CAT IIThe Red Hat Enterprise Linux operating system must be configured so that all network connections associated with SSH traffic are terminated after 10 minutes of becoming unresponsive.Red Hat Enterprise Linux 7 Security Technical Implementation Guide V-204589CAT IIThe Red Hat Enterprise Linux operating system must be configured so that all network connections associated with SSH traffic terminate after becoming unresponsive.Red Hat Enterprise Linux 7 Security Technical Implementation Guide V-257995CAT IIRHEL 9 must be configured so that all network connections associated with SSH traffic terminate after becoming unresponsive.Red Hat Enterprise Linux 9 Security Technical Implementation Guide V-257996CAT IIRHEL 9 must be configured so that all network connections associated with SSH traffic are terminated after 10 minutes of becoming unresponsive.Red Hat Enterprise Linux 9 Security Technical Implementation Guide V-275643CAT IIUbuntu OS must automatically exit interactive command shell user sessions after five minutes of inactivity.Riverbed NetIM OS Security Technical Implementation Guide V-254093CAT IInnoslate must use multifactor authentication for network access to privileged and non-privileged accounts.SPEC Innovations Innoslate 4.x Security Technical Implementation Guide V-261332CAT IISLEM 5 must be configured so that all network connections associated with SSH traffic are terminated after 10 minutes of becoming unresponsive.SUSE Linux Enterprise Micro (SLEM) 5 Security Technical Implementation Guide V-217272CAT IIThe SUSE operating system SSH daemon must be configured with a timeout interval.SUSE Linux Enterprise Server 12 Security Technical Implementation Guide V-217273CAT IIThe SUSE operating system for all network connections associated with SSH traffic must immediately terminate at the end of the session or after 10 minutes of inactivity.SUSE Linux Enterprise Server 12 Security Technical Implementation Guide V-221938CAT IISplunk Enterprise idle session timeout must be set to not exceed 15 minutes.Splunk Enterprise 7.x for Windows Security Technical Implementation Guide V-251657CAT IISplunk Enterprise idle session timeout must be set to not exceed 15 minutes.Splunk Enterprise 8.x for Linux Security Technical Implementation Guide V-241067CAT IITanium must set an absolute timeout for sessions.Tanium 7.0 Security Technical Implementation Guide V-241068CAT IITanium must set an inactive timeout for sessions.Tanium 7.0 Security Technical Implementation Guide V-234126CAT IIThe Tanium application must set an absolute timeout for sessions.Tanium 7.3 Security Technical Implementation Guide V-234127CAT IIThe Tanium application must set an inactive timeout for sessions.Tanium 7.3 Security Technical Implementation Guide V-254927CAT IIThe Tanium application must set an inactive timeout for sessions.Tanium 7.x Application on TanOS Security Technical Implementation Guide V-254859CAT IITanium Operating System (TanOS) must automatically terminate a user session after organization-defined conditions or trigger events requiring session disconnect.Tanium 7.x Operating System on TanOS Security Technical Implementation Guide V-253873CAT IIThe Tanium application must set an inactive timeout for sessions.Tanium 7.x Security Technical Implementation Guide V-253083CAT IITOSS must be configured so that all network connections associated with SSH traffic are terminated at the end of the session or after 10 minutes of inactivity, except to fulfill documented and validated mission requirements.Tri-Lab Operating System Stack (TOSS) 4 Security Technical Implementation Guide V-282381CAT IITOSS 5 must automatically exit interactive command shell user sessions after 15 minutes of inactivity.Tri-Lab Operating System Stack (TOSS) 5 Security Technical Implementation Guide V-234442CAT IIThe UEM server must automatically terminate a user session after an organization-defined period of user inactivity.Unified Endpoint Management Server Security Requirements Guide V-240072CAT IIHAProxy must set an absolute timeout on sessions.VMW vRealize Automation 7.x HA Proxy Security Technical Implementation Guide V-240073CAT IIHAProxy must set an inactive timeout on sessions.VMW vRealize Automation 7.x HA Proxy Security Technical Implementation Guide V-69193CAT IIThe NSX vCenter must automatically terminate a network administrator session after organization-defined conditions or trigger events requiring session disconnect.VMware NSX Manager Security Technical Implementation Guide V-240497CAT IIThe SLES for vRealize must automatically terminate a user session after inactivity time-outs have expired or at shutdown.VMware vRealize Automation 7.x SLES Security Technical Implementation Guide V-240839CAT IItc Server HORIZON must set an inactive timeout for sessions.VMware vRealize Automation 7.x tc Server Security Technical Implementation Guide V-240840CAT IItc Server VCO must set an inactive timeout for sessions.VMware vRealize Automation 7.x tc Server Security Technical Implementation Guide V-240841CAT IItc Server VCAC must set an inactive timeout for sessions.VMware vRealize Automation 7.x tc Server Security Technical Implementation Guide V-239591CAT IIThe SLES for vRealize must automatically terminate a user session after inactivity time-outs have expired or at shutdown.VMware vRealize Operations Manager 6.x SLES Security Technical Implementation Guide V-241694CAT IItc Server UI must set an inactive timeout for sessions.VMware vRealize Operations Manager 6.x tc Server Security Technical Implementation Guide V-241695CAT IItc Server CaSa must set an inactive timeout for sessions.VMware vRealize Operations Manager 6.x tc Server Security Technical Implementation Guide V-241696CAT IItc Server API must set an inactive timeout for sessions.VMware vRealize Operations Manager 6.x tc Server Security Technical Implementation Guide V-256405CAT IIThe ESXi host must set a timeout to automatically disable idle shell sessions after two minutes.VMware vSphere 7.0 ESXi Security Technical Implementation Guide V-256482CAT IIThe Photon operating system must set a session inactivity timeout of 15 minutes or less.VMware vSphere 7.0 vCenter Appliance Photon OS Security Technical Implementation Guide V-256334CAT IIThe vCenter Server must terminate vSphere Client sessions after 10 minutes of inactivity.VMware vSphere 7.0 vCenter Security Technical Implementation Guide V-258739CAT IIThe ESXi host must set a timeout to automatically end idle shell sessions after fifteen minutes.VMware vSphere 8.0 ESXi Security Technical Implementation Guide V-259015CAT IIThe vCenter ESX Agent Manager service must set an inactive timeout for sessions.VMware vSphere 8.0 vCenter Appliance ESX Agent Manager (EAM) Security Technical Implementation Guide V-259049CAT IIThe vCenter Lookup service must set an inactive timeout for sessions.VMware vSphere 8.0 vCenter Appliance Lookup Service Security Technical Implementation Guide V-259083CAT IIThe vCenter Perfcharts service must set an inactive timeout for sessions.VMware vSphere 8.0 vCenter Appliance Perfcharts Security Technical Implementation Guide V-258840CAT IIThe operating system must automatically terminate a user session after inactivity time-outs have expired.VMware vSphere 8.0 vCenter Appliance Photon OS 4.0 Security Technical Implementation Guide V-258983CAT IIThe vCenter STS service must set an inactive timeout for sessions.VMware vSphere 8.0 vCenter Appliance Secure Token Service (STS) Security Technical Implementation Guide V-259116CAT IIThe vCenter UI service must set an inactive timeout for sessions.VMware vSphere 8.0 vCenter Appliance User Interface (UI) Security Technical Implementation Guide V-258920CAT IIThe vCenter Server must terminate vSphere Client sessions after 15 minutes of inactivity.VMware vSphere 8.0 vCenter Security Technical Implementation Guide V-207432CAT IIThe VMM must automatically terminate a user session after inactivity timeouts have expired or at shutdown.Virtual Machine Manager Security Requirements Guide V-206414CAT IIThe web server must set an absolute session timeout value of eight hours or less.Web Server Security Requirements Guide V-206415CAT IIThe web server must set an inactive timeout for sessions.Web Server Security Requirements Guide V-269572CAT IXylok Security Suite must expire a session upon browser closing.Xylok Security Suite 20.x Security Technical Implementation Guide