Title

The Unified Communications Session Manager must limit the number of concurrent management sessions to three sessions. (Cat II impact)

Discussion

Network element management includes the ability to control the number of users and user sessions that use a network element. Limiting the number of allowed users and sessions per user is helpful in limiting risks related to DoS attacks. This requirement addresses concurrent sessions for information system accounts and does not address concurrent sessions by single users via multiple system accounts. The maximum number of concurrent sessions should be defined based upon mission needs and the operational environment for each system. This applies to network elements that have the concept of a user account and have the login function residing on the network element.

Check Content

Verify the Unified Communications Session Manager limits the number of concurrent management sessions. If the Unified Communications Session Manager does not limit the number of concurrent management sessions, this is a finding.

Fix Text

Configure the Unified Communications Session Manager to limit the number of concurrent management sessions.

Additional Identifiers

Rule ID: SRG-NET-000053-VVSM-00101_rule

Vulnerability ID: SRG-NET-000053-VVSM-00101

Group Title: SRG-NET-000053-VVSM-00101

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.