Documentation - V-270497

V-270497

Oracle Database 19c Security Technical Implementation Guide

CAT II

Title

Oracle Database must automatically terminate a user session after organization-defined conditions or trigger events requiring session disconnect.

Description

<VulnDiscussion>This addresses the termination of user-initiated logical sessions in contrast to the termination of network connections associated with communications sessions (i.e., network disconnect). A logical session (for local, network, and remote access) is initiated whenever a user (or process acting on behalf of a user) accesses an organizational information system. Such user sessions can be terminated (and thus terminate user access) without terminating network sessions. Session term...

Fix Text (Documentation Requirement)

Configure the database management system (DBMS) to automatically terminate a user session after organization-defined conditions, 15 minutes, or a trigger event requiring session termination. To terminate a session after a certain amount of time independent of the consumed resources needed by other users, then set the MAX_IDLE_TIME initialization parameter. The MAX_IDLE_TIME parameter specifies the maximum number of minutes a session can be idle. After the specified amount of time, MAX_IDLE_TIME kills sessions. ALTER SYSTEM SET max_idle_time = 15 COMMENT = 'Altered <date> for STIG compliance' -- self documenting SID = '*' -- required for RAC SCOPE = BOTH;

View Full STIG Details →

Documentation Status

Status

Documented Verified - link to a ship document Awaiting Review Evidence submitted, needs verification Pending Needs documentation Not Required Documentation not needed Not Applicable STIG doesn't apply

Notes (Optional)

Cancel