STIGQter: STIG Summary: ISEC7 Sphere Security Technical Implementation Guide Version: 2 Release: 1 Benchmark Date: 23 Oct 2020:

The ISEC7 EMM Suite must initiate a session lock after a 15-minute period of inactivity.

DISA Rule

SV-224761r505933_rule

Vulnerability Number

V-224761

Group Title

SRG-APP-000003

Rule Version

ISEC-06-000030

Severity

CAT II

CCI(s)

• CCI-000057 - The information system initiates a session lock after the organization-defined time period of inactivity.

Weight

10

Fix Recommendation

Log in to the ISEC7 EMM Console.
Navigate to Administration >> Configuration >> Apache Tomcat.
Set the session timeout to the correct value of 15 minutes or less.

Check Contents

Log in to the ISEC7 EMM Console.
Navigate to Administration >> Configuration >> Apache Tomcat.
Validate the session timeout has been set to the correct value.

Alternatively, allow the console to sit for 15 minutes and confirm that you are prompted to login once again when attempting to navigate to a new screen.

If the EMM Console timeout has not been set for 15 minutes or less, this is a finding.

Vulnerability Number

V-224761

Documentable

False

Rule Version

ISEC-06-000030

Severity Override Guidance

Log in to the ISEC7 EMM Console.
Navigate to Administration >> Configuration >> Apache Tomcat.
Validate the session timeout has been set to the correct value.

Alternatively, allow the console to sit for 15 minutes and confirm that you are prompted to login once again when attempting to navigate to a new screen.

If the EMM Console timeout has not been set for 15 minutes or less, this is a finding.

Check Content Reference

M

Target Key

4200

Comments