STIGQter: STIG Summary: Database Security Requirements Guide Version: 3 Release: 1 Benchmark Date: 22 Jan 2021:

The DBMS must automatically terminate a user session after organization-defined conditions or trigger events requiring session disconnect.

DISA Rule

SV-206580r617447_rule

Vulnerability Number

V-206580

Group Title

SRG-APP-000295

Rule Version

SRG-APP-000295-DB-000305

Severity

CAT II

CCI(s)

• CCI-002361 - The information system automatically terminates a user session after organization-defined conditions or trigger events requiring session disconnect.

Weight

10

Fix Recommendation

Configure the DBMS to automatically terminate a user session after organization-defined conditions or trigger events requiring session termination.

Check Contents

Review system documentation to obtain the organization's definition of circumstances requiring automatic session termination. If the documentation explicitly states that such termination is not required or is prohibited, this is not a finding.

If the documentation requires automatic session termination, but the DBMS is not configured accordingly, this is a finding.

Vulnerability Number

V-206580

Documentable

False

Rule Version

SRG-APP-000295-DB-000305

Severity Override Guidance

Review system documentation to obtain the organization's definition of circumstances requiring automatic session termination. If the documentation explicitly states that such termination is not required or is prohibited, this is not a finding.

If the documentation requires automatic session termination, but the DBMS is not configured accordingly, this is a finding.

Check Content Reference

M

Target Key

2902

Comments