STIGQter: STIG Summary: Network Device Management Security Requirements Guide Version: 4 Release: 1 Benchmark Date: 23 Apr 2021:

The network device must terminate all network connections associated with a device management session at the end of the session, or the session must be terminated after 10 minutes of inactivity except to fulfill documented and validated mission requirements.

DISA Rule

SV-202074r539622_rule

Vulnerability Number

V-202074

Group Title

SRG-APP-000190

Rule Version

SRG-APP-000190-NDM-000267

Severity

CAT I

CCI(s)

• CCI-001133 - The information system terminates the network connection associated with a communications session at the end of the session or after an organization-defined time period of inactivity.

Weight

10

Fix Recommendation

Configure the network device to terminate the connection associated with a device management session at the end of the session or after 10 minutes of inactivity.

Check Contents

Determine if the network device terminates the connection associated with a device management session at the end of the session or after 10 minutes of inactivity. This requirement may be verified by demonstration or configuration review. If the network device does not terminate the connection associated with a device management session at the end of the session or after 10 minutes of inactivity, this is a finding.

Vulnerability Number

V-202074

Documentable

False

Rule Version

SRG-APP-000190-NDM-000267

Severity Override Guidance

Determine if the network device terminates the connection associated with a device management session at the end of the session or after 10 minutes of inactivity. This requirement may be verified by demonstration or configuration review. If the network device does not terminate the connection associated with a device management session at the end of the session or after 10 minutes of inactivity, this is a finding.

Check Content Reference

M

Target Key

2890

Comments