STIGQter: STIG Summary: Database Security Requirements Guide Version: 3 Release: 1 Benchmark Date: 22 Jan 2021:

The DBMS must provide logout functionality to allow the user to manually terminate a session initiated by that user.

DISA Rule

SV-206581r617447_rule

Vulnerability Number

V-206581

Group Title

SRG-APP-000296

Rule Version

SRG-APP-000296-DB-000306

Severity

CAT II

CCI(s)

• CCI-002363 - The information system provides a logout capability for user-initiated communications sessions whenever authentication is used to gain access to organization-defined information resources.

Weight

10

Fix Recommendation

Where relevant, modify the configuration to allow the user to manually terminate a session initiated by that user.

Check Contents

Determine, by reviewing DBMS documentation and/or inquiring of the vendor's technical support staff, whether the DBMS satisfies this requirement; and, if it does, determine whether this is inherent, unchangeable behavior, or a configurable feature.

If the DBMS does not satisfy the requirement, this is a permanent finding.

If the behavior is inherent, this is permanently not a finding.

If the behavior is configurable, and the current configuration does not enforce it, this is a finding.

Vulnerability Number

V-206581

Documentable

False

Rule Version

SRG-APP-000296-DB-000306

Severity Override Guidance

Determine, by reviewing DBMS documentation and/or inquiring of the vendor's technical support staff, whether the DBMS satisfies this requirement; and, if it does, determine whether this is inherent, unchangeable behavior, or a configurable feature.

If the DBMS does not satisfy the requirement, this is a permanent finding.

If the behavior is inherent, this is permanently not a finding.

If the behavior is configurable, and the current configuration does not enforce it, this is a finding.

Check Content Reference

M

Target Key

2902

Comments