800-53|AC-10

Title

CONCURRENT SESSION CONTROL

Description

The information system limits the number of concurrent sessions for each [Assignment: organization-defined account and/or account type] to [Assignment: organization-defined number].

Supplemental

Organizations may define the maximum number of concurrent sessions for information system accounts globally, by account type (e.g., privileged user, non-privileged user, domain, specific application), by account, or a combination. For example, organizations may limit the number of concurrent sessions for system administrators or individuals working in particularly sensitive domains or mission-critical applications. This control addresses concurrent sessions for information system accounts and does not address concurrent sessions by single users via multiple system accounts.

Reference Item Details

Reference: NIST 800-53 - Security and Privacy Controls for Federal Information Systems and Organizations

Category: ACCESS CONTROL

Family: ACCESS CONTROL

Priority: P3

Baseline Impact: HIGH

Audit Items

View all Reference Audit Items

Name	Plugin	Audit Name
1.2.10 Set 'http Secure-server' limit	Cisco	CIS Cisco IOS XE 16.x v2.1.0 L1
1.2.10 Set 'http Secure-server' limit	Cisco	CIS Cisco IOS XE 17.x v2.1.0 L1
1.2.11 Set 'http Secure-server' limit	Cisco	CIS Cisco IOS 16 L1 v1.1.0
1.4.2.6 Disable 'Enable fast user switching'	Unix	CIS Apple OSX 10.6 Snow Leopard L2 v1.0.0
1.4.6.2 Disable users or admins to login to another users active and locked session	Unix	CIS Apple OSX 10.6 Snow Leopard L1 v1.0.0
1.5.5 Ensure number of concurrent sessions is limited	Unix	CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
3.1.11 Set maximum connection limits - MAX_CONNECTIONS	Unix	CIS IBM DB2 v10 v1.1.0 Linux OS Level 2
3.1.11 Set maximum connection limits - MAX_CONNECTIONS	Unix	CIS IBM DB2 v10 v1.1.0 Linux OS Level 1
3.1.11 Set maximum connection limits - MAX_COORDAGENTS	Unix	CIS IBM DB2 v10 v1.1.0 Linux OS Level 1
3.1.11 Set maximum connection limits - MAX_COORDAGENTS	Unix	CIS IBM DB2 v10 v1.1.0 Linux OS Level 2
3.1.11 Set maximum connection limits - MAXAPPLS	Unix	CIS IBM DB2 v10 v1.1.0 Linux OS Level 2
3.1.11 Set maximum connection limits - MAXAPPLS	Unix	CIS IBM DB2 v10 v1.1.0 Linux OS Level 1
3.1.12 Set maximum connection limits - MAX_CONNECTIONS	Unix	CIS v1.1.0 IBM DB2 v10 Linux OS Level 1
3.1.12 Set maximum connection limits - MAX_CONNECTIONS	Unix	CIS v1.1.0 IBM DB2 v10 Linux OS Level 2
3.1.12 Set maximum connection limits - MAX_COORDAGENTS	Unix	CIS v1.1.0 IBM DB2 v10 Linux OS Level 1
3.1.12 Set maximum connection limits - MAX_COORDAGENTS	Unix	CIS v1.1.0 IBM DB2 v10 Linux OS Level 2
3.1.12 Set maximum connection limits - MAXAPPLS	Unix	CIS v1.1.0 IBM DB2 v10 Linux OS Level 2
3.1.12 Set maximum connection limits - MAXAPPLS	Unix	CIS v1.1.0 IBM DB2 v10 Linux OS Level 1
3.1.14 Set maximum connection limits - 'max_connections <= 100'	Unix	CIS IBM DB2 OS L2 v1.2.0
3.1.14 Set maximum connection limits - 'max_coordagents <= 100'	Unix	CIS IBM DB2 OS L2 v1.2.0
3.1.14 Set maximum connection limits - 'maxappls <= 99'	Unix	CIS IBM DB2 OS L2 v1.2.0
3.1.14 Set maximum connection limits - MAX_CONNECTIONS	IBM_DB2DB	CIS IBM DB2 9 Benchmark v3.0.1 Level 2 DB
3.1.14 Set maximum connection limits - MAX_CONNECTIONS	IBM_DB2DB	CIS IBM DB2 9 Benchmark v3.0.1 Level 1 DB
3.1.14 Set maximum connection limits - MAX_COORDAGENTS	IBM_DB2DB	CIS IBM DB2 9 Benchmark v3.0.1 Level 1 DB
3.1.14 Set maximum connection limits - MAX_COORDAGENTS	IBM_DB2DB	CIS IBM DB2 9 Benchmark v3.0.1 Level 2 DB
4.000 - The system must limit the number of concurrent sessions to 10 for all accounts and/or account types.	Unix	Tenable Fedora Linux Best Practices v2.0.0
4.1.12 Set Maximum Number of Applications (MAXAPPLS)	Unix	CIS IBM DB2 11 v1.1.0 Linux OS Level 1
4.2.12 Ensure sshd LoginGraceTime is configured	Unix	CIS Oracle Linux 8 Server L1 v3.0.0
4.2.12 Ensure sshd LoginGraceTime is configured	Unix	CIS Ubuntu Linux 18.04 LTS v2.2.0 L1 Workstation
4.2.12 Ensure sshd LoginGraceTime is configured	Unix	CIS Rocky Linux 8 Server L1 v2.0.0
4.2.12 Ensure sshd LoginGraceTime is configured	Unix	CIS Red Hat EL8 Server L1 v3.0.0
4.2.12 Ensure sshd LoginGraceTime is configured	Unix	CIS Oracle Linux 8 Workstation L1 v3.0.0
4.2.12 Ensure sshd LoginGraceTime is configured	Unix	CIS AlmaLinux OS 8 Server L1 v3.0.0
4.2.12 Ensure sshd LoginGraceTime is configured	Unix	CIS AlmaLinux OS 8 Workstation L1 v3.0.0
4.2.12 Ensure sshd LoginGraceTime is configured	Unix	CIS Ubuntu Linux 18.04 LTS v2.2.0 L1 Server
4.2.12 Ensure sshd LoginGraceTime is configured	Unix	CIS Red Hat EL8 Workstation L1 v3.0.0
4.2.12 Ensure sshd LoginGraceTime is configured	Unix	CIS Rocky Linux 8 Workstation L1 v2.0.0
4.2.13 Ensure sshd LoginGraceTime is configured	Unix	CIS CentOS Linux 7 v4.0.0 L1 Workstation
18.9.58.3.2.1 Ensure 'Restrict Remote Desktop Services users to a single Remote Desktop Services session' is set to 'Enabled'	Windows	CIS Microsoft Windows Server 2008 Member Server Level 2 v3.1.0
18.9.58.3.2.1 Ensure 'Restrict Remote Desktop Services users to a single Remote Desktop Services session' is set to 'Enabled'	Windows	CIS Windows Server 2012 MS L2 v2.1.0
18.9.58.3.2.1 Ensure 'Restrict Remote Desktop Services users to a single Remote Desktop Services session' is set to 'Enabled'	Windows	CIS Windows Server 2012 DC L2 v2.1.0
18.9.58.3.2.1 Ensure 'Restrict Remote Desktop Services users to a single Remote Desktop Services session' is set to 'Enabled'	Windows	CIS Microsoft Windows Server 2008 R2 Domain Controller Level 2 v3.1.0
18.9.58.3.2.1 Ensure 'Restrict Remote Desktop Services users to a single Remote Desktop Services session' is set to 'Enabled'	Windows	CIS Microsoft Windows Server 2008 Domain Controller Level 2 v3.1.0
18.9.58.3.2.1 Ensure 'Restrict Remote Desktop Services users to a single Remote Desktop Services session' is set to 'Enabled'	Windows	CIS Microsoft Windows Server 2008 R2 Member Server Level 2 v3.1.0
18.9.59.3.2.1 Ensure 'Restrict Remote Desktop Services users to a single Remote Desktop Services session' is set to 'Enabled'	Windows	CIS Microsoft Windows Server 2016 MS L2 v1.2.0
18.9.59.3.2.1 Ensure 'Restrict Remote Desktop Services users to a single Remote Desktop Services session' is set to 'Enabled'	Windows	CIS Windows Server 2012 R2 DC L2 v2.4.0
18.9.59.3.2.1 Ensure 'Restrict Remote Desktop Services users to a single Remote Desktop Services session' is set to 'Enabled'	Windows	CIS Windows Server 2016 DC L2 v1.2.0
18.9.59.3.2.1 Ensure 'Restrict Remote Desktop Services users to a single Remote Desktop Services session' is set to 'Enabled'	Windows	CIS Windows Server 2012 R2 MS L2 v2.4.0
18.9.63.3.2.1 Ensure 'Restrict Remote Desktop Services users to a single Remote Desktop Services session' is set to 'Enabled'	Windows	CIS Windows Server 2012 R2 DC L2 v2.5.0
18.9.63.3.2.1 Ensure 'Restrict Remote Desktop Services users to a single Remote Desktop Services session' is set to 'Enabled'	Windows	CIS Windows Server 2012 R2 MS L2 v2.5.0

Detections

Analytics