| Vuln ID | Severity | Asset | STIG | Title | Status | Doc Status | Assigned To | Actions |
|---|---|---|---|---|---|---|---|---|
| V-206565 | CAT II | MONT-DB-002 | Database Security Requirements Guide | The DBMS must invalidate session identifiers upon ... | - | |||
Check TextReview DBMS settings and vendor documentation to verify user sessions are terminated, and session identifiers invalidated, upon user logout. If they are not, this is a finding. Review system documentation and organization policy to identify other events that should result in session terminations. If other session termination events are defined, review DBMS settings to verify occurrences of these events would cause session termination, invalidating the session identifiers. If occurrences of defined session terminating events do not cause session terminations, invalidating the session identifiers, this is a finding. Fix TextConfigure DBMS settings to terminate sessions, invalidating their session identifiers, upon user logout. Configure DBMS settings to terminate sessions, invalidating their session identifiers, upon the occurrence of any organization- or policy-defined session termination event. CommentsThe DBMS generates unique system-generated session identifiers for every database login connection. The session identifiers are invalidated upon user logout or for other session terminations. The DBMS is not accessible by a direct remote connection or URL.
Source: Montford Point ShipCLIP DB V4R4.ckl
Scan Date: 2026-03-06T12:50:21.809591
Technology Area: Database Review
|
||||||||