1.8.3 Ensure 'HTTP idle timeout' is less than or equal to '5' minutes

Information

Sets the timeout for an HTTP session idle before the security appliance terminates it.

Rationale:

Limiting session idle timeout prevents unauthorized users from using abandoned sessions to perform malicious activities.

Solution

Step 1: Run the following to set the HTTP timeout to less than or equal to 5 minutes

hostname(config)# http server idle-timeout 5

Default Value:

The default session timeout value is 20 minutes.

See Also

https://workbench.cisecurity.org/files/3246

Item Details

Category: CONFIGURATION MANAGEMENT

References: 800-53|CM-2, CSCv7|11.1

Plugin: Cisco

Control ID: 07c0caef4d6bd6775a8232fa6f15d656ab1c1aced7ffa2e8c1b76a3afe8aaf66