V-206519
Database Security Requirements Guide
Title
The DBMS must limit the number of concurrent sessions to an organization-defined number per user for all accounts and/or account types.
Description
<VulnDiscussion>Database management includes the ability to control the number of users and user sessions utilizing a DBMS. Unlimited concurrent connections to the DBMS could allow a successful Denial of Service (DoS) attack by exhausting connection resources; and a system can also fail or be degraded by an overload of legitimate users. Limiting the number of concurrent sessions per user is helpful in reducing these risks. This requirement addresses concurrent session control for a single accou...
Fix Text (Documentation Requirement)
If the DBMS is capable of enforcing this restriction, but is not configured to do so, configure it to do so. (This may involve the development of one or more triggers.) If it is not technically feasible for the DBMS to enforce this restriction, and the application(s) and supporting software are not configured to do so, configure them to do so. If the value for any type of user account is not set, determine the correct value and set it. If a value is set but is not equal to the value specified for the type of user, determine the correct value, set it, and update the documentation, as appropriate.