STIGQter: STIG Summary: Cisco ISE NDM Security Technical Implementation Guide Version: 1 Release: 1 Benchmark Date: 13 Apr 2021:

For the account of last resort, the Cisco ISE must limit the number of concurrent sessions to one.

DISA Rule

SV-242607r714131_rule

Vulnerability Number

V-242607

Group Title

SRG-APP-000001-NDM-000200

Rule Version

CSCO-NM-000010

Severity

CAT III

CCI(s)

• CCI-000054 - The information system limits the number of concurrent sessions for each organization-defined account and/or account type to an organization-defined number of sessions.

Weight

10

Fix Recommendation

Configure local account maximum concurrent sessions based. There must be only one local account of last resort on each node.

1. Choose Administration >> System >> Settings >> Max Sessions >> User.
2. Set the Maximum Sessions per User field to "1".
3. Click "Save".

Check Contents

Review the local account of last resort limit for maximum number of concurrent users based to verify the setting is set based on user or identity group.

1. Choose Administration >> System >> Settings >> Max Sessions >> User.
2. Choose Administration >> System >> Settings >> Max Sessions >> Group.

MaxSessionsPerUser: 1

If the local account is not set to limit the maximum number of sessions to "1", this is a finding.

Vulnerability Number

V-242607

Documentable

False

Rule Version

CSCO-NM-000010

Severity Override Guidance

Review the local account of last resort limit for maximum number of concurrent users based to verify the setting is set based on user or identity group.

1. Choose Administration >> System >> Settings >> Max Sessions >> User.
2. Choose Administration >> System >> Settings >> Max Sessions >> Group.

MaxSessionsPerUser: 1

If the local account is not set to limit the maximum number of sessions to "1", this is a finding.

Check Content Reference

M

Target Key

5384

Comments