STIGQter: STIG Summary: Cisco ISE NDM Security Technical Implementation Guide Version: 1 Release: 1 Benchmark Date: 13 Apr 2021:

The Cisco ISE must terminate all network connections associated with a device management session at the end of the session, or the session must be terminated after 10 minutes of inactivity except to fulfill documented and validated mission requirements.

DISA Rule

SV-242657r714281_rule

Vulnerability Number

V-242657

Group Title

SRG-APP-000190-NDM-000267

Rule Version

CSCO-NM-000520

Severity

CAT I

CCI(s)

CCI-001133 - The information system terminates the network connection associated with a communications session at the end of the session or after an organization-defined time period of inactivity.

Weight

Fix Recommendation

Configure Session Timeout for Administrators.

1. Choose Administration >> System >> Admin Access >> Settings >> Session >> Session Timeout.
2. Type "10".
3. Click "Save".

Check Contents

From the CLI EXEC mode type show terminal.

From the GUI navigate to Administration >> System >> Admin Access >> Settings >> Session.

View the session timeout setting.

If the terminal and administration setting is not set to 10 minutes or less, this is a finding.

The Cisco ISE must terminate all network connections associated with a device management session at the end of the session, or the session must be terminated after 10 minutes of inactivity except to fulfill documented and validated mission requirements.

DISA Rule

Vulnerability Number

Group Title

Rule Version

Severity

CCI(s)

Weight

Fix Recommendation

Check Contents

Vulnerability Number

Documentable

Rule Version

Severity Override Guidance

Check Content Reference

Target Key

Comments