STIGQter: STIG Summary: Palo Alto Networks NDM Security Technical Implementation Guide Version: 1 Release: 4 Benchmark Date: 24 Jan 2020:

The Palo Alto Networks security platform must terminate management sessions after 10 minutes of inactivity except to fulfill documented and validated mission requirements.

DISA Rule

SV-77233r1_rule

Vulnerability Number

V-62743

Group Title

SRG-APP-000190-NDM-000267

Rule Version

PANW-NM-000069

Severity

CAT I

CCI(s)

• CCI-001133 - The information system terminates the network connection associated with a communications session at the end of the session or after an organization-defined time period of inactivity.

Weight

10

Fix Recommendation

Go to Device >> Setup >> Management.
In the "Authentication Settings" pane, select the "Edit" icon (the gear symbol in the upper-right corner of the pane).
In the "Idle Timeout (min)" field, enter "10", then select "OK".
Commit changes by selecting "Commit" in the upper-right corner of the screen.
Select "OK" when the confirmation dialog appears.

Check Contents

Go to Device >> Setup >> Management.
View the "Authentication Settings" pane.
If the "Idle Timeout (min)" field is not "10" or less, ask the Administrator to produce documentation signed by the Authorizing Official that the configured value exists to support mission requirements.
If this documentation is not made available, this is a finding.

Vulnerability Number

V-62743

Documentable

False

Rule Version

PANW-NM-000069

Severity Override Guidance

Go to Device >> Setup >> Management.
View the "Authentication Settings" pane.
If the "Idle Timeout (min)" field is not "10" or less, ask the Administrator to produce documentation signed by the Authorizing Official that the configured value exists to support mission requirements.
If this documentation is not made available, this is a finding.

Check Content Reference

M

Target Key

2811

Comments