STIGQter: STIG Summary: VMware vRealize Operations Manager 6.x Application Security Technical Implementation Guide Version: 1 Release: 1 Benchmark Date: 28 Sep 2018:

The vRealize Operations server session timeout must be configured.

DISA Rule

SV-98857r1_rule

Vulnerability Number

V-88207

Group Title

SRG-APP-000220-AS-000148

Rule Version

VROM-AP-000295

Severity

CAT II

CCI(s)

• CCI-001185 - The information system invalidates session identifiers upon user logout or other session termination.

Weight

10

Fix Recommendation

To edit the session timeout, use the following steps:

1. Log on to the admin UI as the administrator.
2. Navigate to "Global Settings".
3. Select "Edit Global Settings".
4. Set the "Session Timeout:" setting to "15" minutes.
5. Select "OK".

Check Contents

Verify that the session timeout is set to "15" minutes with the following steps:

1. Log on to the admin UI as the administrator.
2. Navigate to "Global Settings".
3. Review the session timeout value in mins.

If the "Session Timeout:" setting is not "15" minutes, this is a finding.

Vulnerability Number

V-88207

Documentable

False

Rule Version

VROM-AP-000295

Severity Override Guidance

Verify that the session timeout is set to "15" minutes with the following steps:

1. Log on to the admin UI as the administrator.
2. Navigate to "Global Settings".
3. Review the session timeout value in mins.

If the "Session Timeout:" setting is not "15" minutes, this is a finding.

Check Content Reference

M

Target Key

3453

Comments