The Dell OS10 Switch must limit the number of concurrent sessions to an organization-defined number for each administrator account and/or administrator account type.

Severity	Group ID	Group Title	Version	Rule ID	Date	STIG Version
medium	V-269768	SRG-APP-000001-NDM-000200	OS10-NDM-000010	SV-269768r1051689_rule	2024-12-11	1

Description
Device management includes the ability to control the number of administrators and management sessions that manage a device. Limiting the number of allowed administrators and sessions per administrator based on account type, role, or access type is helpful in limiting risks related to denial-of-service (DoS) attacks. This requirement addresses concurrent sessions for administrative accounts and does not address concurrent sessions by a single administrator via multiple administrative accounts. The maximum number of concurrent sessions should be defined based upon mission needs and the operational environment for each system. At a minimum, limits must be set for SSH, HTTPS, account of last resort, and root account sessions.

Description

Device management includes the ability to control the number of administrators and management sessions that manage a device. Limiting the number of allowed administrators and sessions per administrator based on account type, role, or access type is helpful in limiting risks related to denial-of-service (DoS) attacks. This requirement addresses concurrent sessions for administrative accounts and does not address concurrent sessions by a single administrator via multiple administrative accounts. The maximum number of concurrent sessions should be defined based upon mission needs and the operational environment for each system. At a minimum, limits must be set for SSH, HTTPS, account of last resort, and root account sessions.

ℹ️ Check
Review the network device configuration to verify if the device limits the number of concurrent sessions to an organization-defined number for all administrator accounts and/or administrator account types. Review the running-configuration. Verify the configuration includes "login concurrent-session limit" followed by the number of sessions defined by the organization. Note: The default concurrent session limit is 10, so if it is not displayed when viewing the configuration, the limit is set to 10. If the network device does not limit the number of concurrent sessions to an organization-defined number for each administrator account and/or administrator account type, this is a finding.

ℹ️ Check

Review the network device configuration to verify if the device limits the number of concurrent sessions to an organization-defined number for all administrator accounts and/or administrator account types. Review the running-configuration. Verify the configuration includes "login concurrent-session limit" followed by the number of sessions defined by the organization. Note: The default concurrent session limit is 10, so if it is not displayed when viewing the configuration, the limit is set to 10. If the network device does not limit the number of concurrent sessions to an organization-defined number for each administrator account and/or administrator account type, this is a finding.

✔️ Fix
Configure the network device to limit the number of concurrent sessions to an organization-defined number for all administrator accounts and/or administrator account types, as in the following example. OS10(config)# login concurrent-session limit 3