STIGQter STIGQter: STIG Summary: Database Security Requirements Guide Version: 2 Release: 9 Benchmark Date: 25 Oct 2019: The DBMS must invalidate session identifiers upon user logout or other session termination.

DISA Rule

SV-42860r2_rule

Vulnerability Number

V-32523

Group Title

SRG-APP-000220-DB-000149

Rule Version

SRG-APP-000220-DB-000149

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Configure DBMS settings to terminate sessions, invalidating their session identifiers, upon user logout.

Configure DBMS settings to terminate sessions, invalidating their session identifiers, upon the occurrence of any organization- or policy-defined session termination event.

Check Contents

Review DBMS settings and vendor documentation to verify user sessions are terminated, and session identifiers invalidated, upon user logout. If they are not, this is a finding.

Review system documentation and organization policy to identify other events that should result in session terminations.

If other session termination events are defined, review DBMS settings to verify occurrences of these events would cause session termination, invalidating the session identifiers.

If occurrences of defined session terminating events do not cause session terminations, invalidating the session identifiers, this is a finding.

Vulnerability Number

V-32523

Documentable

False

Rule Version

SRG-APP-000220-DB-000149

Severity Override Guidance

Review DBMS settings and vendor documentation to verify user sessions are terminated, and session identifiers invalidated, upon user logout. If they are not, this is a finding.

Review system documentation and organization policy to identify other events that should result in session terminations.

If other session termination events are defined, review DBMS settings to verify occurrences of these events would cause session termination, invalidating the session identifiers.

If occurrences of defined session terminating events do not cause session terminations, invalidating the session identifiers, this is a finding.

Check Content Reference

M

Target Key

2219

Comments