Documentation - V-223757

Title

IBM z/OS must configure system wait times to protect resource availability based on site priorities.

Description

<VulnDiscussion>Automatic session termination addresses the termination of user-initiated logical sessions in contrast to the termination of network connections that are associated with communications sessions (i.e., network disconnect). A logical session (for local, network, and remote access) is initiated whenever a user (or process acting on behalf of a user) accesses an organizational information system. Such user sessions can be terminated (and thus terminate user access) without terminatin...

Fix Text (Documentation Requirement)

Configure the SMFPRMxx JWT to "15" minutes for classified systems. The JWT parameter can be greater than "15" minutes if the system is processing unclassified information and the following items are reviewed: -If a session is not terminated, but instead is locked out after "15" minutes of inactivity, a process must be in place that requires user identification and authentication before the session is unlocked. Session lock-out will be implemented through system controls or terminal screen protections. -A system's default time for terminal lock-out or session termination may be lengthened to "30" minutes at the discretion of the ISSM or ISSO. The ISSM and/or ISSO will maintain the documentation for each system with a time-out adjusted beyond the 15-minute recommendation to explain the bas...