STIGQter: STIG Summary: Network Device Management Security Requirements Guide Version: 4 Release: 1 Benchmark Date: 23 Apr 2021:

The network device must retain the session lock until the administrator reestablishes access using established identification and authentication procedures.

DISA Rule

SV-202009r395454_rule

Vulnerability Number

V-202009

Group Title

SRG-APP-000005

Rule Version

SRG-APP-000005-NDM-000204

Severity

CAT II

CCI(s)

• CCI-000056 - The information system retains the session lock until the user reestablishes access using established identification and authentication procedures.

Weight

10

Fix Recommendation

Configure the network device to retain session lock until the administrator re-authenticates.

Check Contents

Review the network device configuration to determine if the device retains session lock until the administrator re-authenticates. This may be verified by configuration check, demonstration, or other validation test results. If the device does not require re-authentication before releasing the session lock, this is a finding.

Vulnerability Number

V-202009

Documentable

False

Rule Version

SRG-APP-000005-NDM-000204

Severity Override Guidance

Review the network device configuration to determine if the device retains session lock until the administrator re-authenticates. This may be verified by configuration check, demonstration, or other validation test results. If the device does not require re-authentication before releasing the session lock, this is a finding.

Check Content Reference

M

Target Key

2890

Comments