Check: HMC0150
IBM Hardware Management Console (HMC) STIG: HMC0150 (in versions v2 r1 through v1 r5)
Title
The terminal or workstation must lock out after a maximum of 15 minutes of inactivity, requiring the account password to resume. (Cat II impact)
Discussion
If the system, workstation, or terminal does not lock the session after more than 15 minutes of inactivity, requiring a password to resume operations, the system or individual data could be compromised by an alert intruder who could exploit the oversight.
Check Content
Have the System Administrator display the User Properties window on the Hardware Management Console and check that the timeout minutes are set to a maximum of 15. If the Verify Timeout minutes are set to more than 15, then this is a FINDING.
Fix Text
The System Administrator will display the User Properties window and will ensure that the Verify timeout minutes are set to a maximum of 15.
Additional Identifiers
Rule ID: SV-256883r958402_rule
Vulnerability ID: V-256883
Group Title: SRG-OS-000029-GPOS-00010
CCIs
Number | Definition |
---|---|
CCI-000057 | Prevent further access to the system by initiating a device lock after organization-defined time period of inactivity; and/or requiring the user to initiate a device lock before leaving the system unattended. |
Controls
Number | Title |
---|---|
AC-11 | Session Lock |