STIGQter STIGQter: STIG Summary: Application Server Security Requirements Guide Version: 2 Release: 7 Benchmark Date: 25 Oct 2019: The application server must automatically terminate a user session after organization-defined conditions or trigger events requiring a session disconnect.

DISA Rule

SV-71673r2_rule

Vulnerability Number

V-57401

Group Title

SRG-APP-000295-AS-000263

Rule Version

SRG-APP-000295-AS-000263

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Configure the application server to terminate user sessions on defined conditions or trigger events.

Check Contents

Review application server documentation and configuration settings to determine if the application server is configured to close user sessions after defined conditions or trigger events are met.

If the application server is not configured or cannot be configured to disconnect users after defined conditions and trigger events are met, this is a finding.

Vulnerability Number

V-57401

Documentable

False

Rule Version

SRG-APP-000295-AS-000263

Severity Override Guidance

Review application server documentation and configuration settings to determine if the application server is configured to close user sessions after defined conditions or trigger events are met.

If the application server is not configured or cannot be configured to disconnect users after defined conditions and trigger events are met, this is a finding.

Check Content Reference

M

Target Key

2388

Comments