V-215833
CAT I
The Cisco router must be configured to terminate all network connections associated with device management after five minutes of inactivity.
- Ships Affected: 1
- Total Findings: 1
- Open: 1
- Closed: 0
Check Text
Review the Cisco router configuration to verify that all network connections associated with device management have an idle timeout value set to five minutes or less, as shown in the following example:
ip http secure-server
ip http timeout-policy idle 300 life nnnn requests nn
…
…
…
line con 0
exec-timeout 5 0
line vty 0 1
exec-timeout 5 0
If the Cisco router is not configured to terminate all network connections associated with device management after five minutes of inactivity, this is a finding.
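The check above can be run against a saved configuration. The following is an added example, not part of the STIG or of this tracker: the function name `audit_idle_timeouts` and the sample configuration are constructed for illustration, and treating a missing `ip http timeout-policy` as a finding is an assumption of this sketch.

```python
import re

MAX_IDLE = 300  # five minutes, in seconds

def audit_idle_timeouts(config):
    """Return a list of findings; an empty list means the check passes."""
    line_idle = {}      # line stanza -> idle seconds (None = not configured)
    current = None
    http_enabled = False
    http_idle = None
    for raw in config.splitlines():
        text = raw.strip()
        exec_to = re.match(r"exec-timeout (\d+)(?: (\d+))?$", text)
        if re.match(r"line (con|aux|vty) ", text):
            current = text
            line_idle[current] = None
        elif current and exec_to:
            line_idle[current] = int(exec_to.group(1)) * 60 + int(exec_to.group(2) or 0)
        elif current and text == "no exec-timeout":
            line_idle[current] = 0      # same effect as "exec-timeout 0 0"
        elif not raw.startswith(" "):
            current = None              # any other top-level command ends the stanza
        if re.match(r"ip http (secure-)?server$", text):
            http_enabled = True
        idle = re.match(r"ip http timeout-policy idle (\d+)\b", text)
        if idle:
            http_idle = int(idle.group(1))
    findings = []
    for name, secs in line_idle.items():
        if secs is None:
            # IOS omits defaults from the config; the default exec-timeout is 10 minutes.
            findings.append(f"{name}: exec-timeout not set (default is 10 minutes)")
        elif secs == 0:
            findings.append(f"{name}: idle timeout disabled")
        elif secs > MAX_IDLE:
            findings.append(f"{name}: idle timeout {secs}s exceeds {MAX_IDLE}s")
    if http_enabled:
        if http_idle is None:
            # Assumption: require an explicit policy rather than trusting the default.
            findings.append("ip http: timeout-policy idle not set")
        elif http_idle > MAX_IDLE:
            findings.append(f"ip http: idle timeout {http_idle}s exceeds {MAX_IDLE}s")
    return findings

# Constructed sample: each management path violates the rule in a different way.
SAMPLE = ("ip http secure-server\nip http timeout-policy idle 600 life 3600 requests 50\n"
          "line con 0\n exec-timeout 0 0\nline vty 0 1\n exec-timeout 10 0\n"
          "line vty 2 4\n transport input ssh\n")
for finding in audit_idle_timeouts(SAMPLE):
    print(finding)
```

A `line` stanza with no `exec-timeout` entry is reported because the running configuration does not display default values.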
Fix Text
Set the idle timeout value to five minutes or less on all configured login classes as shown in the example below.
R1(config)#line vty 0 1
R1(config-line)#exec-timeout 5 0
R1(config-line)#exit
R1(config)#line con 0
R1(config-line)#exec-timeout 5 0
R1(config-line)#exit
R2(config)#ip http timeout-policy idle 300 life nnnn requests nn
STIG Reference
- STIG: Cisco IOS XE Router NDM Security Technical Implementation Guide
- Version: 3
- Release: 7
- Rule ID: SV-215833r961068_rule
All Occurrences
This vulnerability appears on 1 ship(s)
| Ship | Hull # | Source File | Status | Assigned To | Scan Date |
|---|---|---|---|---|---|
| USNS MONTFORD POINT | T-ESD-1 | _Reviewed/MONTPOINTGTWYRTR/Checklist/MONTPOINTGTWYRTR_CiscoXERtrNDM_V3R5_20251023-150045.ckl | | Unassigned | 2026-01-14T12:57:25.013310 |