STIGhubSTIGhub
STIGsRMF ControlsCompare

STIGhub

A free tool to search and browse the entire DISA STIG library. Saves up to 75% in security compliance research time.

Navigation

  • Browse STIGs
  • Search
  • RMF Controls
  • Compare Versions

Resources

  • About
  • Release Notes
  • VPAT
  • DISA STIG Library
STIGs updated 5 hours ago
Powered by Pylon
© 2026 Beacon Cloud Solutions, Inc. All rights reserved.
← Back to HPE 3PAR SSMC Web Server Security Technical Implementation Guide

V-255261

CAT II (Medium)

SSMC web server must set an inactive timeout for sessions.

Rule ID

SV-255261r961221_rule

STIG

HPE 3PAR SSMC Web Server Security Technical Implementation Guide

Version

V2R1

CCIs

CCI-002361

Discussion

Leaving sessions open indefinitely is a major security risk. An attacker can easily use an already authenticated session to access the hosted application as the previously authenticated user. By closing sessions after a set period of inactivity, the web server can make certain that those sessions that are not closed through the user logging out of an application are eventually closed. Acceptable values are 5 minutes for high-value applications, 10 minutes for medium-value applications, and 20 minutes for low-value applications.

Check Content

Verify that idle session timeout is set by doing the following:

1. Log on to SSMC administrator console as ssmcadmin. 

2. Navigate to Actions >> Preferences.

3. Locate Session timeout property and check if it is set to 10 minutes.

If the value is not set to 10 minutes, this is a finding.

Fix Text

Configure idle session timeouts on the web GUI by doing the following:

1. Log on to SSMC administrator console as ssmcadmin.

2. Navigate to Actions >> Preferences.

3. Locate Session timeout property and update the value to 10 minutes.

4. Restart SSMC services from appliance TUI menu option 2.