Check: CYLN-OP-000015
Arctic Wolf CylanceON-PREM STIG: CYLN-OP-000015 (in version v1 r1)
Title
CylanceON-PREM must be configured to initiate a session timeout after 10 minutes of inactivity. (Cat II impact)
Discussion
Ensuring inactive sessions are terminated provides protection against misuse of the system.

Satisfies: SRG-APP-000003, SRG-APP-000190, SRG-APP-000295
Check Content
Verify Session timeout.

1. Log in to the admin console.
2. Navigate to CONFIGURATION >> Settings.
3. Find Session Timeout.

If the value is not set to 10 minutes, this is a finding.
Fix Text
Configure Session timeout. Administrator privileges are required to change Session timeout.

1. Log in to the admin console.
2. Navigate to CONFIGURATION >> Settings.
3. Find "Session Timeout". Click "Edit".
4. Set to 10 minutes.
5. Click "Apply".
Additional Identifiers
Rule ID: SV-272628r1113425_rule
Vulnerability ID: V-272628
Group Title: SRG-APP-000003
CCIs
Number | Definition |
---|---|
CCI-000057 | Prevent further access to the system by initiating a device lock after organization-defined time period of inactivity; and/or requiring the user to initiate a device lock before leaving the system unattended. |
CCI-001133 | Terminate the network connection associated with a communications session at the end of the session or after an organization-defined time period of inactivity. |
CCI-002361 | Automatically terminate a user session after organization-defined conditions or trigger events requiring session disconnect. |