The Cisco ISE must terminate all network connections associated with a device management session at the end of the session, or the session must be terminated after five minutes of inactivity except to fulfill documented and validated mission requirements.
Severity | Group ID | Group Title | Version | Rule ID | Date | STIG Version |
|---|---|---|---|---|---|---|
| high | V-242657 | SRG-APP-000190-NDM-000267 | CSCO-NM-000520 | SV-242657r961068_rule | 2024-09-10 | 2 |
| Description |
|---|
| Terminating an idle session within a short time period reduces the window of opportunity for unauthorized personnel to take control of a management session enabled on the console or console port that has been left unattended. |
| ℹ️ Check |
|---|
| From the CLI EXEC mode, type show terminal. From the GUI, navigate to Administration >> System >> Admin Access >> Settings >> Session. View the session timeout setting. If the terminal and administration setting is not set to six minutes or less, this is a finding. |
| ✔️ Fix |
|---|
| Configure Session Timeout for Administrators. 1. Choose Administration >> System >> Admin Access >> Settings >> Session >> Session Timeout. 2. Type "6". 3. Click "Save". |