STIGQter: STIG Summary: Trend Micro Deep Security 9.x Security Technical Implementation Guide Version: 1 Release: 1 Benchmark Date: 26 Feb 2016:

Trend Deep Security must initiate a session lock after a 15-minute period of inactivity.

DISA Rule

SV-80349r1_rule

Vulnerability Number

V-65859

Group Title

SRG-APP-000003

Rule Version

TMDS-00-000010

Severity

CAT II

CCI(s)

• CCI-000057 - The information system initiates a session lock after the organization-defined time period of inactivity.

Weight

10

Fix Recommendation

Configure the Trend Deep Security server to initiate a session lock after a 15-minute period of inactivity.

Set the Session Timeout to 15 minutes or less.

Administration >> Security >> User Security >> Session Timeout: 10 Minutes

Check Contents

Review the Trend Deep Security server configuration to ensure a session lock is initiated after a 15-minute period of inactivity.

Review the application System Settings, to ensure the system timeout is set to 15 minutes or less.

If the timeout session is not set to 15 minutes or less this is a finding.

Administration >> System Settings >> Security >> User Security >> Session Timeout: 10 Minutes

Vulnerability Number

V-65859

Documentable

False

Rule Version

TMDS-00-000010

Severity Override Guidance

Review the Trend Deep Security server configuration to ensure a session lock is initiated after a 15-minute period of inactivity.

Review the application System Settings, to ensure the system timeout is set to 15 minutes or less.

If the timeout session is not set to 15 minutes or less this is a finding.

Administration >> System Settings >> Security >> User Security >> Session Timeout: 10 Minutes

Check Content Reference

M

Target Key

2955

Comments