STIGQter: STIG Summary: Riverbed SteelHead CX v8 NDM Security Technical Implementation Guide Version: 1 Release: 2 Benchmark Date: 25 Oct 2019:

Riverbed Optimization System (RiOS) must automatically terminate a network administrator session after organization-defined conditions or trigger events requiring session disconnect.

DISA Rule

SV-77387r1_rule

Vulnerability Number

V-62897

Group Title

SRG-APP-000295-NDM-000279

Rule Version

RICX-DM-000039

Severity

CAT II

CCI(s)

• CCI-002361 - The information system automatically terminates a user session after organization-defined conditions or trigger events requiring session disconnect.

Weight

10

Fix Recommendation

Configure RiOS to automatically terminate a network administrator's session after a trigger event such as an inactivity timeout.

Navigate to the device CLI
Type: enable
Type: conf t
Type: web auto-logout <organization defined condition in minutes>
Type: write memory
Type: exit
Type: show web
Verify that "Inactivity Timeout:" represents the value entered above.
Type: exit

Check Contents

Verify that RiOS is configured to terminate a network administrator's session after a trigger event such as inactivity timeout.

Navigate to the device CLI
Type: enable
Type: show web
Verify that "Inactivity Timeout:" is set to the organizations defined condition

If no triggers are required by the organization, this is a finding.

Vulnerability Number

V-62897

Documentable

False

Rule Version

RICX-DM-000039

Severity Override Guidance

Verify that RiOS is configured to terminate a network administrator's session after a trigger event such as inactivity timeout.

Navigate to the device CLI
Type: enable
Type: show web
Verify that "Inactivity Timeout:" is set to the organizations defined condition

If no triggers are required by the organization, this is a finding.

Check Content Reference

M

Target Key

2931

Comments