| Hostname | IP Address | Status | Assigned To | Last Scan | Actions |
|---|---|---|---|---|---|
| MONTPOINTGTWYRTR | 10.10.10.1 | | | 2026-01-14 | |

Finding Details

Evaluate-STIG 1.2507.5 (Scan-CiscoXERouterNDM_Checks) found this to be OPEN on 10/23/2025

    ResultHash: EC2FCBD8253B86CFC2922A92FE8E178EA3988544
    ~~~~~
    IP HTTP Timeout Settings
    no ip http server
    no ip http secure-server
    http\https servers are disabled, http\https requirements are not applicable

    line con 0
     privilege level 15
     logging synchronous
     login authentication USER_AUTH
     stopbits 1
    line con 0 exec-timeout is not configured. Default value of 10 is assumed
    Confirm value is correctly configured by checking against 'show running-config all' configuration file

    Line VTY Timeout Settings
    line vty 0 4
     session-timeout 10
     access-class vty_access in
     session-limit 3
     logging synchronous
     transport preferred ssh
     transport input ssh
     transport output ssh
    !
    exec-timeout is not configured. Default value of 10 is assumed
    Confirm value is correctly configured by checking against 'show running-config all' configuration file

Comments

Check Text

Review the Cisco router configuration to verify that all network connections associated with device management have an idle timeout value set to five minutes or less, as shown in the following example:

    ip http secure-server
    ip http timeout-policy idle 300 life nnnn requests nn
    … … …
    line con 0
     exec-timeout 5 0
    line vty 0 1
     exec-timeout 5 0

If the Cisco router is not configured to terminate all network connections associated with device management after five minutes of inactivity, this is a finding.

Fix Text

Set the idle timeout value to five minutes or less on all configured login classes as shown in the example below.

    R1(config)#line vty 0 1
    R1(config-line)#exec-timeout 5 0
    R1(config-line)#exit
    R1(config)#line con 0
    R1(config-line)#exec-timeout 5 0
    R1(config-line)#exit
    R2(config)#ip http timeout-policy idle 300 life nnnn requests nn