STIGhubSTIGhub
STIGsSearchCompare

STIGhub

A free tool to search and browse the entire DISA STIG library. Saves up to 75% in security compliance research time.

Navigation

  • Browse STIGs
  • Search
  • Compare Versions

Resources

  • About
  • Release Notes
  • VPAT
  • DISA STIG Library
STIGs updated 5 hours ago
Powered by Pylon
© 2026 Beacon Cloud Solutions, Inc. All rights reserved.
← Back to Network Device Management Security Requirements Guide

V-202085

CAT II (Medium)

The network device must be configured to provide a logout mechanism for administrator-initiated communication sessions.

Rule ID

SV-202085r961224_rule

STIG

Network Device Management Security Requirements Guide

Version

V5R4

CCIs

CCI-002363

Discussion

If an administrator cannot explicitly end a device management session, the session may remain open and be exploited by an attacker; this is referred to as a zombie session.

Check Content

Review the network device configuration to determine if it is configured to enable a logout for administrator-initiated communication sessions.

If the network device is not configured to provide a logout mechanism for these sessions, this is a finding.

Fix Text

Configure the network device to provide a logout capability for administrator-initiated communication sessions.