STIGQter: STIG Summary: MS SQL Server 2014 Instance Security Technical Implementation Guide Version: 1 Release: 10 Benchmark Date: 24 Apr 2020:

SQL Server must automatically terminate a user session after organization-defined conditions or trigger events requiring session disconnect.

DISA Rule

SV-82373r1_rule

Vulnerability Number

V-67883

Group Title

SRG-APP-000295-DB-000305

Rule Version

SQL4-00-031700

Severity

CAT II

CCI(s)

• CCI-002361 - The information system automatically terminates a user session after organization-defined conditions or trigger events requiring session disconnect.

Weight

10

Fix Recommendation

Configure SQL Server, Windows and/or third-party tools to automatically terminate a user session after organization-defined conditions or trigger events requiring session termination.

Check Contents

Review system documentation to obtain the organization's definition of circumstances requiring automatic session termination.

If the documentation explicitly states that such termination is not required or is prohibited, this is not a finding.

If the documentation requires automatic session termination, but SQL Server and Windows (or third-party tools) are not configured accordingly, this is a finding.

Vulnerability Number

V-67883

Documentable

False

Rule Version

SQL4-00-031700

Severity Override Guidance

Review system documentation to obtain the organization's definition of circumstances requiring automatic session termination.

If the documentation explicitly states that such termination is not required or is prohibited, this is not a finding.

If the documentation requires automatic session termination, but SQL Server and Windows (or third-party tools) are not configured accordingly, this is a finding.

Check Content Reference

M

Target Key

2639

Comments