The TippingPoint SMS must limit total number of user sessions for privileged uses to a maximum of 10.

Severity	Group ID	Group Title	Version	Rule ID	Date	STIG Version
low	V-242232	SRG-APP-000001-NDM-000200	TIPP-NM-000011	SV-242232r960735_rule	2025-03-10	2

Description
Device management includes the ability to control the number of administrators and management sessions that manage a device. Limiting the number of currently allowed administrator sessions is a best practice that lowers the risk of DoS attacks.

ℹ️ Check
1. Log in to the SMS client. 2. Select >> "Edit" >> "Preferences". Select "Security" under "Session Preferences". 3. Verify the setting for the "limit number of total and user sessions" option is checked. 4. Verify the active sessions allowed on SMS option has a numeric value of 10 or less. If the TippingPoint SMS does not limit total number of user sessions for privileged uses to a maximum of 10, this is a finding.

ℹ️ Check

1. Log in to the SMS client. 2. Select >> "Edit" >> "Preferences". Select "Security" under "Session Preferences". 3. Verify the setting for the "limit number of total and user sessions" option is checked. 4. Verify the active sessions allowed on SMS option has a numeric value of 10 or less. If the TippingPoint SMS does not limit total number of user sessions for privileged uses to a maximum of 10, this is a finding.

✔️ Fix
1. Log in to the SMS client. 2. Select >> "Edit" >> "Preferences". Select "Security" under "Session Preferences". Click the check box for "Limit number of total and user sessions". 3. Type 10 or less for the number of active sessions allowed on SMS. 4. Click OK.