STIGQter: STIG Summary: VMware Automation 7.x Application Security Technical Implementation Guide Version: 1 Release: 1 Benchmark Date: 28 Sep 2018:

The vRealize Automation application must be configured to a 15 minute of less session timeout.

DISA Rule

SV-99777r1_rule

Vulnerability Number

V-89127

Group Title

SRG-APP-000220-AS-000148

Rule Version

VRAU-AP-000295

Severity

CAT II

CCI(s)

• CCI-001185 - The information system invalidates session identifiers upon user logout or other session termination.

Weight

10

Fix Recommendation

To edit the session timeout, use the following steps:

1. Log on to the admin UI as the administrator.
2. Navigate to "Global Settings".
3. Select "Edit Global Settings", edit the "Session Timeout:" setting, and then select "OK".

Check Contents

Verify that the session timeout is set to an organization-defined time with the following steps:

1. Log on to the admin UI as the administrator.
2. Navigate to "Global Settings".
3. Review the session timeout value in minutes.

If the session timeout setting is not set to 15 minutes or less, this is a finding.

Vulnerability Number

V-89127

Documentable

False

Rule Version

VRAU-AP-000295

Severity Override Guidance

Verify that the session timeout is set to an organization-defined time with the following steps:

1. Log on to the admin UI as the administrator.
2. Navigate to "Global Settings".
3. Review the session timeout value in minutes.

If the session timeout setting is not set to 15 minutes or less, this is a finding.

Check Content Reference

M

Target Key

3447

Comments