Rule ID
SV-266941r1039844_rule
Version
V1R1
CCIs
CCI-001133, CCI-000879
Terminating an idle session within a short time period reduces the window of opportunity for unauthorized personnel to take control of a management session enabled on the console or console port that has been left unattended. Quickly terminating an idle session will also free up resources committed by the managed network element. Terminating network connections associated with communications sessions includes, for example, deallocating associated Transmission Control Protocol/Internet Protocol (TCP/IP) address/port pairs at the operating system level or deallocating networking assignments at the application level if multiple application sessions are using a single, operating system-level network connection. This does not mean that the device terminates all sessions or network access; it only ends the inactive session and releases the resources associated with that session. Satisfies: SRG-APP-000190-NDM-000267, SRG-APP-000186-NDM-000266
Verify the AOS configuration with the following commands: show running-config | include "loginsession timeout" show web-server profile If the login session timeout is not set to "5" (minutes), this is a finding. If "User session timeout <30-3600> (seconds)" is not set to "300", this is a finding.
Configure AOS with the following commands: configure terminal loginsession timeout 5 web-server profile session-timeout 300 exit write memory