STIGQter: STIG Summary: Application Security and Development Security Technical Implementation Guide Version: 5 Release: 1 Benchmark Date: 23 Oct 2020:

The application must terminate all network connections associated with a communications session at the end of the session.

DISA Rule

SV-222568r508029_rule

Vulnerability Number

V-222568

Group Title

SRG-APP-000190

Rule Version

APSC-DV-002000

Severity

CAT II

CCI(s)

• CCI-001133 - The information system terminates the network connection associated with a communications session at the end of the session or after an organization-defined time period of inactivity.

Weight

10

Fix Recommendation

Configure or design the application to terminate application network sessions at the end of the session.

Check Contents

Review the application documentation and interview the system administrator to determine how the application is designed and configured to terminate network connections at the end of the application session.

Identify any documented exceptions to the requirement and review associated mitigations.

If the application provides a management interface for controlling or monitoring application network sessions, access that management interface. Monitor application network activity.

If the application utilizes the underlying OS to control network connections, access the command prompt of the OS. Run the OS command for observing network connections at the OS. For Windows and Unix OS's, use the "netstat" command. Include command parameters that identify the application and/or process ID. netstat /? or -h provides the list of available parameters.

Observe network activity and associate application processes with network connections. Repeat use of the command to identify changing network state.

Determine if application session network connections are being terminated at the end of the session by observing the "state" column of the netstat command output with each iteration.

If the application does not terminate network connections when application sessions end, this is a finding.

If exceptions are documented with no mitigation this is a finding.

Vulnerability Number

V-222568

Documentable

False

Rule Version

APSC-DV-002000

Severity Override Guidance

Review the application documentation and interview the system administrator to determine how the application is designed and configured to terminate network connections at the end of the application session.

Identify any documented exceptions to the requirement and review associated mitigations.

If the application provides a management interface for controlling or monitoring application network sessions, access that management interface. Monitor application network activity.

If the application utilizes the underlying OS to control network connections, access the command prompt of the OS. Run the OS command for observing network connections at the OS. For Windows and Unix OS's, use the "netstat" command. Include command parameters that identify the application and/or process ID. netstat /? or -h provides the list of available parameters.

Observe network activity and associate application processes with network connections. Repeat use of the command to identify changing network state.

Determine if application session network connections are being terminated at the end of the session by observing the "state" column of the netstat command output with each iteration.

If the application does not terminate network connections when application sessions end, this is a finding.

If exceptions are documented with no mitigation this is a finding.

Check Content Reference

M

Target Key

4093

Comments