The TippingPoint SMS must limit the maximum number of concurrent active sessions to one for the account of last resort.
Severity | Group ID | Group Title | Version | Rule ID | Date | STIG Version |
---|---|---|---|---|---|---|
low | V-242231 | SRG-APP-000001-NDM-000200 | TIPP-NM-000010 | SV-242231r960735_rule | 2025-03-10 | 2 |
Description |
---|
Limiting the number of allowed administrators and sessions per administrator based on account type, role, or access type is helpful in limiting risks related to DoS attacks. This requirement addresses concurrent sessions for administrative accounts and does not address concurrent sessions by a single administrator via multiple administrative accounts. The maximum number of concurrent sessions is defined by DoD as one based on operational environment for each system. |
ℹ️ Check |
---|
1. Log in to the SMS client. 2. Select >> "Edit" >> "Preferences". Select "Security" under "Session Preferences". 3. Verify the setting for the "limit number of total and user sessions" option is checked. 4. Verify the active sessions allowed for a user option has a numeric value of 1. If the TippingPoint SMS does not limit the maximum number of concurrent active sessions to one for the account of last resort, this is a finding. |
✔️ Fix |
---|
1. Log in to the SMS client. 2. Select >> "Edit" >> "Preferences". Select "Security" under "Session Preferences". Click the check box for "Limit number of total and user sessions". 3. Type 1 for the number of active sessions allowed for a user. 4. Click OK. |