STIGQter: STIG Summary: DBN-6300 NDM Security Technical Implementation Guide Version: 1 Release: 1 Benchmark Date: 12 Sep 2017:

The DBN-6300 must terminate all network connections associated with a device management session at the end of the session, or the session must be terminated after 10 minutes of inactivity except to fulfill documented and validated mission requirements.

DISA Rule

SV-91671r1_rule

Vulnerability Number

V-76975

Group Title

SRG-APP-000190-NDM-000267

Rule Version

DBNW-DM-000071

Severity

CAT I

CCI(s)

• CCI-001133 - The information system terminates the network connection associated with a communications session at the end of the session or after an organization-defined time period of inactivity.

Weight

10

Fix Recommendation

Configure administrator accounts with a timeout setting.

Navigate to Settings >> Users.

Click on the wrench for an existing user.

In the "Edit User" popup box, enter a timeout value of "600".

Click on "Commit".

Check Contents

Verify administrator accounts are configured with a 10-minute timeout setting.

Navigate to Settings >> Users.

Click on the wrench for an existing user.

View each user defined on the device since there is no setting for a global value.

If a timeout value of "600" is not set for each administrator account configured on the device, this is a finding.

Vulnerability Number

V-76975

Documentable

False

Rule Version

DBNW-DM-000071

Severity Override Guidance

Verify administrator accounts are configured with a 10-minute timeout setting.

Navigate to Settings >> Users.

Click on the wrench for an existing user.

View each user defined on the device since there is no setting for a global value.

If a timeout value of "600" is not set for each administrator account configured on the device, this is a finding.

Check Content Reference

M

Target Key

2947

Comments