CUI

Documentation - V-204777

V-204777

Application Server Security Requirements Guide

CAT II

Title

The application server must automatically terminate a user session after organization-defined conditions or trigger events requiring a session disconnect.

Description

An attacker can take advantage of user sessions that are left open, thus bypassing the user authentication process. To thwart the vulnerability of open and unused user sessions, the application server must be configured to close the sessions when a configured condition or trigger event is met. Session termination terminates all processes associated with a user's logical session except those processes that are specifically created by the user (i.e., session owner) to continue af...

Fix Text (Documentation Requirement)

Configure the application server to terminate user sessions on defined conditions or trigger events.
