| AIX7-00-001004 - AIX must limit the number of concurrent sessions to 10 for all accounts and/or account types. | DISA STIG AIX 7.x v2r9 | Unix | ACCESS CONTROL |
| AOSX-14-000050 - The macOS system must limit the number of concurrent SSH sessions to 10 for all accounts and/or account types. | DISA STIG Apple Mac OSX 10.14 v2r6 | Unix | ACCESS CONTROL |
| AS24-U1-000010 - The Apache web server must limit the number of allowed simultaneous session requests. | DISA STIG Apache Server 2.4 Unix Server v3r1 | Unix | ACCESS CONTROL |
| AS24-W1-000010 - The Apache web server must limit the number of allowed simultaneous session requests. | DISA STIG Apache Server 2.4 Windows Server v3r1 | Windows | ACCESS CONTROL |
| AS24-W1-000020 - The Apache web server must perform server-side session management - session_module | DISA STIG Apache Server 2.4 Windows Server v2r3 | Windows | ACCESS CONTROL |
| AS24-W1-000020 - The Apache web server must perform server-side session management - usertrack_module | DISA STIG Apache Server 2.4 Windows Server v2r3 | Windows | ACCESS CONTROL |
| AS24-W2-000020 - The Apache web server must perform server-side session management. | DISA STIG Apache Server 2.4 Windows Site v2r1 | Windows | ACCESS CONTROL |
| BIND-9X-001050 - The BIND 9.x secondary name server must limit the number of zones requested from a single master name server. | DISA BIND 9.x STIG v2r3 | Unix | ACCESS CONTROL |
| BIND-9X-001052 - The BIND 9.x server implementation must limit the number of concurrent session client connections to the number of allowed dynamic update clients. | DISA BIND 9.x STIG v2r3 | Unix | ACCESS CONTROL |
| BIND-9X-001070 - A BIND 9.x master name server must limit the number of concurrent zone transfers between authorized secondary name servers. | DISA BIND 9.x STIG v2r3 | Unix | ACCESS CONTROL |
| CISC-ND-000010 - The Cisco router must be configured to limit the number of concurrent management sessions to an organization-defined number. | DISA STIG Cisco IOS Router NDM v3r1 | Cisco | ACCESS CONTROL |
| CISC-ND-000010 - The Cisco router must be configured to limit the number of concurrent management sessions to an organization-defined number. | DISA STIG Cisco IOS XE Router NDM v3r1 | Cisco | ACCESS CONTROL |
| DB2X-00-000200 - DB2 must limit the number of concurrent sessions to an organization-defined number per user for all accounts and/or account types. | DISA STIG IBM DB2 v10.5 LUW v2r1 Database | IBM_DB2DB | ACCESS CONTROL |
| ESXI-65-000001 - The ESXi host must limit the number of concurrent sessions to ten for all accounts and/or account types by enabling lockdown mode. | DISA STIG VMware vSphere ESXi 6.5 v2r4 | VMware | ACCESS CONTROL |
| ESXI-70-000001 - Access to the ESXi host must be limited by enabling lockdown mode. | DISA STIG VMware vSphere 7.0 ESXi v1r2 | VMware | ACCESS CONTROL |
| EX13-EG-000005 - Exchange must limit the Receive connector timeout. | DISA Microsoft Exchange 2013 Edge Transport Server STIG v1r6 | Windows | ACCESS CONTROL |
| IIST-SI-000202 - The IIS 10.0 website session state cookie settings must be configured to Use Cookies mode. | DISA IIS 10.0 Site v2r9 | Windows | ACCESS CONTROL |
| IIST-SV-000200 - The IIS 10.0 websites MaxConnections setting must be configured to limit the number of allowed simultaneous session requests. | DISA IIS 10.0 Server v3r1 | Windows | ACCESS CONTROL |
| JUSX-VN-000001 - The Juniper SRX Services Gateway VPN must limit the number of concurrent sessions for user accounts to one (1) and administrative accounts to three (3), or set to an organization-defined number. | DISA Juniper SRX Services Gateway VPN v3r1 | Juniper | ACCESS CONTROL |
| O112-C2-000100 - The DBMS must limit the number of concurrent sessions for each system account to an organization-defined number of sessions. | DISA STIG Oracle 11.2g v2r5 Database | OracleDB | ACCESS CONTROL |
| O112-C2-019100 - The DBMS must protect against or limit the effects of the organization-defined types of Denial of Service (DoS) attacks. | DISA STIG Oracle 11.2g v2r5 Windows | Windows | ACCESS CONTROL |
| O121-C2-000100 - The DBMS must limit the number of concurrent sessions for each system account to an organization-defined number of sessions. | DISA STIG Oracle 12c v3r1 Database | OracleDB | ACCESS CONTROL |
| OH12-1X-000004 - OHS must limit the number of threads within a worker process to limit the number of allowed simultaneous requests - ThreadsPerChild | DISA STIG Oracle HTTP Server 12.1.3 v2r2 | Unix | ACCESS CONTROL |
| OH12-1X-000005 - OHS must limit the number of worker processes to limit the number of allowed simultaneous requests. | DISA STIG Oracle HTTP Server 12.1.3 v2r2 | Unix | ACCESS CONTROL |
| OH12-1X-000049 - OHS must capture, record, and log all content related to a user session. | DISA STIG Oracle HTTP Server 12.1.3 v2r2 | Unix | ACCESS CONTROL |
| OH12-1X-000294 - OHS must have the LoadModule ossl_module directive enabled to implement required cryptographic protections using cryptographic modules complying with applicable federal laws, Executive Orders, directives, policies, regulations, standards, and guidance when encrypting data that must be compartmentalized. | DISA STIG Oracle HTTP Server 12.1.3 v2r2 | Unix | ACCESS CONTROL |
| OL07-00-040000 - The Oracle Linux operating system must limit the number of concurrent sessions to 10 for all accounts and/or account types. | DISA Oracle Linux 7 STIG v2r14 | Unix | ACCESS CONTROL |
| PGS9-00-001200 - PostgreSQL must limit the number of concurrent sessions to an organization-defined number per user for all accounts and/or account types. | DISA STIG PostgreSQL 9.x on RHEL DB v2r5 | PostgreSQLDB | ACCESS CONTROL |
| RHEL-06-000319 - The system must limit users to 10 simultaneous system logins, or a site-defined number, in accordance with operational requirements. | DISA Red Hat Enterprise Linux 6 STIG v2r2 | Unix | ACCESS CONTROL |
| RHEL-07-040000 - The Red Hat Enterprise Linux operating system must limit the number of concurrent sessions to 10 for all accounts and/or account types. | DISA Red Hat Enterprise Linux 7 STIG v3r15 | Unix | ACCESS CONTROL |
| SLES-12-010120 - The SUSE operating system must limit the number of concurrent sessions to 10 for all accounts and/or account types. | DISA SLES 12 STIG v2r13 | Unix | ACCESS CONTROL |
| SOL-11.1-040500 - The operating system must limit the number of concurrent sessions for each account to an organization-defined number of sessions. | DISA STIG Solaris 11 X86 v3r1 | Unix | ACCESS CONTROL |
| SQL4-00-000100 - The number of concurrent SQL Server sessions for each system account must be limited. | DISA STIG SQL Server 2014 Instance DB Audit v2r4 | MS_SQLDB | ACCESS CONTROL |
| SQL6-D0-003600 - SQL Server must limit the number of concurrent sessions to an organization-defined number per user for all accounts and/or account types. | DISA STIG SQL Server 2016 Instance DB Audit v3r1 | MS_SQLDB | ACCESS CONTROL |
| SRG-OS-000027-ESXI5 - The SSH daemon must limit connections to a single session. | DISA STIG VMWare ESXi Server 5 STIG v2r1 | VMware | ACCESS CONTROL |
| TCAT-AS-000010 - The number of allowed simultaneous sessions to the manager application must be limited. | DISA STIG Apache Tomcat Application Server 9 v3r1 Middleware | Unix | ACCESS CONTROL |
| UBTU-16-010070 - The Ubuntu operating system must limit the number of concurrent sessions to ten for all accounts and/or account types. | DISA STIG Ubuntu 16.04 LTS v2r3 | Unix | ACCESS CONTROL |
| VCEM-70-000004 - ESX Agent Manager must protect cookies from cross-site scripting (XSS). | DISA STIG VMware vSphere 7.0 EAM Tomcat v1r2 | Unix | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION |
| VCFL-67-000004 - vSphere Client must protect cookies from XSS. | DISA STIG VMware vSphere 6.7 Virgo Client v1r2 | Unix | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION |
| VCLU-70-000004 - Lookup Service must protect cookies from cross-site scripting (XSS) - XSS. | DISA STIG VMware vSphere 7.0 Lookup Service v1r2 | Unix | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION |
| VCST-67-000004 - The Security Token Service must protect cookies from XSS. | DISA STIG VMware vSphere 6.7 STS Tomcat v1r3 | Unix | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION |
| VCST-70-000004 - The Security Token Service must protect cookies from cross-site scripting (XSS). | DISA STIG VMware vSphere 7.0 STS Tomcat v1r2 | Unix | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION |
