STIGhubSTIGhub
STIGsRMF ControlsCompare

STIGhub

A free tool to search and browse the entire DISA STIG library. Saves up to 75% in security compliance research time.

Navigation

  • Browse STIGs
  • Search
  • RMF Controls
  • Compare Versions

Resources

  • About
  • Release Notes
  • VPAT
  • DISA STIG Library
STIGs updated 3 hours ago
Powered by Pylon
© 2026 Beacon Cloud Solutions, Inc. All rights reserved.
← Back to Microsoft Windows 10 Security Technical Implementation Guide

V-220738

CAT II (Medium)

Windows 10 nonpersistent VM sessions must not exceed 24 hours.

Rule ID

SV-220738r890426_rule

STIG

Microsoft Windows 10 Security Technical Implementation Guide

Version

V2R9

CCIs

CCI-001199

Discussion

For virtual desktop implementations (VDIs) where the virtual desktop instance is deleted or refreshed upon logoff, the organization should enforce that sessions be terminated within 24 hours. This would ensure any data stored on the VM that is not encrypted or covered by Credential Guard is deleted.

Check Content

Ensure there is a documented policy or procedure in place that nonpersistent VM sessions do not exceed 24 hours. If the system is NOT a nonpersistent VM, this is Not Applicable.

If no such documented policy or procedure is in place, this is a finding.

Fix Text

Set nonpersistent VM sessions to not exceed 24 hours.