Check: SRG-APP-000003-NDM-000202
Network Device Management SRG:
SRG-APP-000003-NDM-000202
(in versions v4 r3 through v2 r7)
Title
The network device must initiate a session lock after a 15-minute period of inactivity. (Cat II impact)
Discussion
A session lock is a temporary network device or administrator-initiated action taken when the administrator stops work but does not log out of the network device. Rather than relying on the user to manually lock their management session prior to vacating the vicinity, network devices need to be able to identify when a management session has idled and take action to initiate the session lock. Once invoked, the session lock shall remain in place until the administrator re-authenticates. No other system activity aside from re-authentication shall unlock the management session. Note that CCI-001133 requires that administrative network sessions be disconnected after 10 minutes of idle time. So this requirement may only apply to local administrative sessions.
Check Content
Review the network device configuration to see if it initiates a session lock after a 15-minute period of inactivity. This may be verified by configuration check or demonstration. If a session lock is not initiated after a 15-minute period of inactivity, this is a finding.
Fix Text
Configure the network device to initiate a session lock after a 15-minute period of inactivity.
Additional Identifiers
Rule ID: SV-202007r879513_rule
Vulnerability ID: V-202007
Group Title: SRG-APP-000003
Expert Comments
CCIs
Number | Definition |
---|---|
CCI-000057 |
The information system initiates a session lock after the organization-defined time period of inactivity. |
Controls
Number | Title |
---|---|
AC-11 |
Session Lock |