Documentation - V-206581

V-206581

Database Security Requirements Guide

CAT II

Title

The DBMS must provide logout functionality to allow the user to manually terminate a session initiated by that user.

Description

<VulnDiscussion>If a user cannot explicitly end a DBMS session, the session may remain open and be exploited by an attacker; this is referred to as a zombie session. Such logout may be explicit or implicit. Examples of explicit are: clicking on a "Log Out" link or button in the application window; clicking the Windows Start button and selecting "Log Out" or "Shut Down." Examples of implicit logout are: closing the application's (main) window; powering off the workstation without invoking the OS...

Fix Text (Documentation Requirement)

Where relevant, modify the configuration to allow the user to manually terminate a session initiated by that user.

View Full STIG Details →

Documentation Status

Status

Documented Verified - link to a ship document Awaiting Review Evidence submitted, needs verification Pending Needs documentation Not Required Documentation not needed Not Applicable STIG doesn't apply

Notes (Optional)

Cancel