STIGQter: STIG Summary: Network Device Management Security Requirements Guide Version: 4 Release: 1 Benchmark Date: 23 Apr 2021:

The network device must invalidate session identifiers upon administrator logout or other session termination.

DISA Rule

SV-202075r397729_rule

Vulnerability Number

V-202075

Group Title

SRG-APP-000220

Rule Version

SRG-APP-000220-NDM-000268

Severity

CAT II

CCI(s)

• CCI-001185 - The information system invalidates session identifiers upon user logout or other session termination.

Weight

10

Fix Recommendation

Configure the network device to invalidate session identifiers upon administrator logout or other session termination.

Check Contents

If the network device uses a web interface for device management, determine if the network device invalidates session identifiers upon administrator logout or other session termination. This requirement may be verified by validated test results. If the network device does not invalidate session identifiers upon administrator logout or other session termination, this is a finding.

Vulnerability Number

V-202075

Documentable

False

Rule Version

SRG-APP-000220-NDM-000268

Severity Override Guidance

If the network device uses a web interface for device management, determine if the network device invalidates session identifiers upon administrator logout or other session termination. This requirement may be verified by validated test results. If the network device does not invalidate session identifiers upon administrator logout or other session termination, this is a finding.

Check Content Reference

M

Target Key

2890

Comments