STIGQter: STIG Summary: Riverbed SteelHead CX v8 NDM Security Technical Implementation Guide Version: 1 Release: 2 Benchmark Date: 25 Oct 2019:

Riverbed Optimization System (RiOS) must limit the number of concurrent sessions to one (1) for each administrator account and/or administrator account type.

DISA Rule

SV-77357r1_rule

Vulnerability Number

V-62867

Group Title

SRG-APP-000001-NDM-000200

Rule Version

RICX-DM-000034

Severity

CAT II

CCI(s)

• CCI-000054 - The information system limits the number of concurrent sessions for each organization-defined account and/or account type to an organization-defined number of sessions.

Weight

10

Fix Recommendation

Configure the number of concurrent sessions to an organization define number for each administrator account and/or administrator type account.

Navigate to the device CLI
Type: enable
Type: conf t
Type: authentication policy user <user name> max-logins 1
Type: write memory

Settings are now saved to memory.

Check Contents

Verify that RiOS is configured to limit the number of concurrent sessions to one (1) for each administrator account and/or administrator account type. This requirement does not apply to the Admin account.

Navigate to the device CLI
Type: enable
Type: show username <user-other-than-admin> detailed

Verify that "Maximum Logins" is set to "1"

If "Maximum Logins" is not set to "1", this is a finding.

Vulnerability Number

V-62867

Documentable

False

Rule Version

RICX-DM-000034

Severity Override Guidance

Verify that RiOS is configured to limit the number of concurrent sessions to one (1) for each administrator account and/or administrator account type. This requirement does not apply to the Admin account.

Navigate to the device CLI
Type: enable
Type: show username <user-other-than-admin> detailed

Verify that "Maximum Logins" is set to "1"

If "Maximum Logins" is not set to "1", this is a finding.

Check Content Reference

M

Target Key

2931

Comments