| Vuln ID | Severity | Asset | STIG | Title | Status | Doc Status | Assigned To | Actions |
|---|---|---|---|---|---|---|---|---|
| V-206580 | CAT II | MONT-DB-002 | Database Security Requirements Guide | The DBMS must automatically terminate a user sessi... | - | |||
Check TextReview system documentation to obtain the organization's definition of circumstances requiring automatic session termination. If the documentation explicitly states that such termination is not required or is prohibited, this is not a finding. If the documentation requires automatic session termination, but the DBMS is not configured accordingly, this is a finding. Fix TextConfigure the DBMS to automatically terminate a user session after organization-defined conditions or trigger events requiring session termination. CommentsThe DBMS does automatically terminate a user session. The organization-defined conditions are documented in Section 12.0 of the MSC IBS Access Control Policy 2.2. When a privileged user is logged out of DBMS server after 15 minutes of inactivity, the direct connection to the DBMS is automatically terminated. The Database is configured to logout non-privileged application users after 15 minutes of inactivity and privileged application users at 10 minutes of inactivity. Application users have no direct access to the DBMS.
Source: Montford Point ShipCLIP DB V4R4.ckl
Scan Date: 2026-03-06T12:50:21.809591
Technology Area: Database Review
|
||||||||