STIGQter: STIG Summary: Mainframe Product Security Requirements Guide Version: 1 Release: 4 Benchmark Date: 24 Jan 2020:

The Mainframe Product must automatically terminate a user session after conditions, as defined in site security plan, are met or trigger events requiring session disconnect.

DISA Rule

SV-82607r1_rule

Vulnerability Number

V-68117

Group Title

SRG-APP-000295-MFP-000006

Rule Version

SRG-APP-000295-MFP-000006

Severity

CAT II

CCI(s)

• CCI-002361 - The information system automatically terminates a user session after organization-defined conditions or trigger events requiring session disconnect.

Weight

10

Fix Recommendation

Configure the Mainframe Product to automatically terminate a user session after any conditions as defined in site security plan or trigger requiring disconnect.

Check Contents

If the Mainframe Product has no data screen capability, this requirement is not applicable.

Determine whether the Mainframe Product has capability to terminate user sessions according to conditions as defined in site security plan and triggers. If it cannot, this is a finding.

Examine Configuration settings to determine whether the Mainframe Product is configured to automatically terminate sessions. If it is not, this is a finding.

Vulnerability Number

V-68117

Documentable

False

Rule Version

SRG-APP-000295-MFP-000006

Severity Override Guidance

If the Mainframe Product has no data screen capability, this requirement is not applicable.

Determine whether the Mainframe Product has capability to terminate user sessions according to conditions as defined in site security plan and triggers. If it cannot, this is a finding.

Examine Configuration settings to determine whether the Mainframe Product is configured to automatically terminate sessions. If it is not, this is a finding.

Check Content Reference

M

Target Key

3061

Comments