CUI

Documentation - V-222549

V-222549

Application Security and Development Security Technical Implementation Guide

CAT II

Title

The application must terminate existing user sessions upon account deletion.

Description

The application must ensure that a user does not retain any rights that may have been granted or retain access to the application after the user's authorization or role within the application has been deleted or modified. This means once a user's role/account within the application has been modified, deleted or disabled, the changes must be enforced immediately within the application. Any privileges or access the user had prior to the change must not be retained. For example; ...

Fix Text (Documentation Requirement)

Configure the application to terminate existing sessions of users whose accounts are deleted.
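
One way to meet this requirement, shown as an added example that is not part of the STIG text: account deletion, disablement and role change each revoke every live session for that user in the same operation, and each request re-reads account state so a missed revocation still fails closed. The `SessionStore` and `AccountService` classes and their methods are hypothetical names; a real application would apply the same pattern to its framework's session store.

```python
import secrets

class SessionStore:
    """In-memory store; the per-user index makes revocation one lookup."""
    def __init__(self):
        self._user_of = {}      # token -> user_id
        self._tokens_of = {}    # user_id -> set of live tokens

    def create(self, user_id):
        token = secrets.token_urlsafe(32)
        self._user_of[token] = user_id
        self._tokens_of.setdefault(user_id, set()).add(token)
        return token

    def lookup(self, token):
        return self._user_of.get(token)

    def revoke_user(self, user_id):
        """Drop every session the user holds; returns how many were ended."""
        tokens = self._tokens_of.pop(user_id, set())
        for token in tokens:
            self._user_of.pop(token, None)
        return len(tokens)

class AccountService:
    def __init__(self, sessions):
        self.sessions = sessions
        self.accounts = {}      # user_id -> {"role": str, "enabled": bool}

    def login(self, user_id):
        acct = self.accounts.get(user_id)
        if acct is None or not acct["enabled"]:
            raise PermissionError("unknown or disabled account")
        return self.sessions.create(user_id)

    def delete(self, user_id):
        self.accounts.pop(user_id, None)
        return self.sessions.revoke_user(user_id)   # same operation as the delete

    def disable(self, user_id):
        self.accounts[user_id]["enabled"] = False
        return self.sessions.revoke_user(user_id)

    def set_role(self, user_id, role):
        self.accounts[user_id]["role"] = role
        return self.sessions.revoke_user(user_id)   # force re-login under new role

    def authorize(self, token, required_role):
        # Second check: read account state on every request, never a role
        # cached in the session, so a missed revocation still fails closed.
        acct = self.accounts.get(self.sessions.lookup(token))
        return bool(acct and acct["enabled"] and acct["role"] == required_role)
```

With a distributed or token-based session mechanism the same rule applies: the revocation must reach every node that validates sessions before the account change is reported as complete.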
