STIGQter: STIG Summary: Application Server Security Requirements Guide Version: 3 Release: 1 Benchmark Date: 23 Oct 2020:

The application server must automatically terminate a user session after organization-defined conditions or trigger events requiring a session disconnect.

DISA Rule

SV-204777r508029_rule

Vulnerability Number

V-204777

Group Title

SRG-APP-000295

Rule Version

SRG-APP-000295-AS-000263

Severity

CAT II

CCI(s)

• CCI-002361 - The information system automatically terminates a user session after organization-defined conditions or trigger events requiring session disconnect.

Weight

10

Fix Recommendation

Configure the application server to terminate user sessions on defined conditions or trigger events.

Check Contents

Review application server documentation and configuration settings to determine if the application server is configured to close user sessions after defined conditions or trigger events are met.

If the application server is not configured or cannot be configured to disconnect users after defined conditions and trigger events are met, this is a finding.

Vulnerability Number

V-204777

Documentable

False

Rule Version

SRG-APP-000295-AS-000263

Severity Override Guidance

Review application server documentation and configuration settings to determine if the application server is configured to close user sessions after defined conditions or trigger events are met.

If the application server is not configured or cannot be configured to disconnect users after defined conditions and trigger events are met, this is a finding.

Check Content Reference

M

Target Key

2900

Comments