Navigate

Check: SRG-OS-000029-VMM-000100

Virtual Machine Manager SRG: SRG-OS-000029-VMM-000100 (in versions v2 r2 through v1 r3)

Title

The VMM must initiate a session lock after a 15-minute period of inactivity. (Cat II impact)

Discussion

A session time-out lock is a temporary action taken when a user stops work and moves away from the immediate physical vicinity of the VMM but does not log out because of the temporary nature of the absence. Rather than relying on the user to manually lock their VMM session prior to vacating the vicinity, VMMs need to be able to identify when a user's session has idled and take action to initiate the session lock. The session lock is implemented at the point where session activity can be determined and/or controlled.

Check Content

Verify the VMM initiates a session lock after a 15-minute period of inactivity. If it does not, this is a finding.

Fix Text

Configure the VMM to initiate a session lock after a 15-minute period of inactivity.

Additional Identifiers

Rule ID: SV-207347r958402_rule

Vulnerability ID: V-207347

Group Title: SRG-OS-000029

Expert Comments

Expert comments are only available to logged-in users.

CCIs

CCIs tied to check.

Number	Definition
CCI-000057	Prevent further access to the system by initiating a device lock after organization-defined time period of inactivity; and/or requiring the user to initiate a device lock before leaving the system unattended.

Controls

Controls tied to check. These are derived from the CCIs shown above.

Number	Title
AC-11	Session Lock