800-53|AC-10

Title

CONCURRENT SESSION CONTROL

Description

The information system limits the number of concurrent sessions for each [Assignment: organization-defined account and/or account type] to [Assignment: organization-defined number].

Supplemental

Organizations may define the maximum number of concurrent sessions for information system accounts globally, by account type (e.g., privileged user, non-privileged user, domain, specific application), by account, or a combination. For example, organizations may limit the number of concurrent sessions for system administrators or individuals working in particularly sensitive domains or mission-critical applications. This control addresses concurrent sessions for information system accounts and does not address concurrent sessions by single users via multiple system accounts.

Reference Item Details

Category: ACCESS CONTROL

Family: ACCESS CONTROL

Priority: P3

Baseline Impact: HIGH

Audit Items

| Name | Plugin | Audit Name |
| --- | --- | --- |
| 1.2.10 Set 'http Secure-server' limit | Cisco | CIS Cisco IOS XE 17.x v2.1.0 L1 |
| 1.2.10 Set 'http Secure-server' limit | Cisco | CIS Cisco IOS XE 16.x v2.1.0 L1 |
| 1.5.5 Ensure number of concurrent sessions is limited | Unix | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG |
| 3.1.14 Set maximum connection limits - 'max_connections <= 100' | Unix | CIS IBM DB2 OS L2 v1.2.0 |
| 3.1.14 Set maximum connection limits - 'max_coordagents <= 100' | Unix | CIS IBM DB2 OS L2 v1.2.0 |
| 3.1.14 Set maximum connection limits - 'maxappls <= 99' | Unix | CIS IBM DB2 OS L2 v1.2.0 |
| 4.2.12 Ensure sshd LoginGraceTime is configured | Unix | CIS Ubuntu Linux 18.04 LTS v2.2.0 L1 Workstation |
| 4.2.12 Ensure sshd LoginGraceTime is configured | Unix | CIS Ubuntu Linux 18.04 LTS v2.2.0 L1 Server |
| 4.2.13 Ensure sshd LoginGraceTime is configured | Unix | CIS Oracle Linux 7 v4.0.0 L1 Workstation |
| 4.2.13 Ensure sshd LoginGraceTime is configured | Unix | CIS CentOS Linux 7 v4.0.0 L1 Workstation |
| 4.2.13 Ensure sshd LoginGraceTime is configured | Unix | CIS Red Hat Enterprise Linux 7 v4.0.0 L1 Server |
| 4.2.13 Ensure sshd LoginGraceTime is configured | Unix | CIS Red Hat Enterprise Linux 7 v4.0.0 L1 Workstation |
| 4.2.13 Ensure sshd LoginGraceTime is configured | Unix | CIS Amazon Linux 2 v3.0.0 L1 |
| 4.2.13 Ensure sshd LoginGraceTime is configured | Unix | CIS Oracle Linux 7 v4.0.0 L1 Server |
| 4.2.13 Ensure sshd LoginGraceTime is configured | Unix | CIS CentOS Linux 7 v4.0.0 L1 Server |
| 4.2.16 Ensure sshd MaxSessions is configured | Unix | CIS Ubuntu Linux 18.04 LTS v2.2.0 L1 Server |
| 4.2.16 Ensure sshd MaxSessions is configured | Unix | CIS Ubuntu Linux 18.04 LTS v2.2.0 L1 Workstation |
| 4.2.17 Ensure sshd MaxSessions is configured | Unix | CIS CentOS Linux 7 v4.0.0 L1 Server |
| 4.2.17 Ensure sshd MaxSessions is configured | Unix | CIS Oracle Linux 7 v4.0.0 L1 Workstation |
| 4.2.17 Ensure sshd MaxSessions is configured | Unix | CIS Oracle Linux 7 v4.0.0 L1 Server |
| 4.2.17 Ensure sshd MaxSessions is configured | Unix | CIS Red Hat Enterprise Linux 7 v4.0.0 L1 Server |
| 4.2.17 Ensure sshd MaxSessions is configured | Unix | CIS Red Hat Enterprise Linux 7 v4.0.0 L1 Workstation |
| 4.2.17 Ensure sshd MaxSessions is configured | Unix | CIS Amazon Linux 2 v3.0.0 L1 |
| 4.2.17 Ensure sshd MaxSessions is configured | Unix | CIS CentOS Linux 7 v4.0.0 L1 Workstation |
| 4.2.21 Ensure SSH MaxSessions is set to 10 or less | Unix | CIS Debian 10 Server L1 v2.0.0 |
| 4.2.21 Ensure SSH MaxSessions is set to 10 or less | Unix | CIS Debian 10 Workstation L1 v2.0.0 |
| 5.2.17 Ensure sshd MaxStartups is configured | Unix | CIS SUSE Linux Enterprise 12 v3.2.0 L1 Server |
| 5.2.17 Ensure sshd MaxStartups is configured | Unix | CIS SUSE Linux Enterprise 12 v3.2.0 L1 Workstation |
| 5.2.18 Ensure sshd MaxSessions is configured | Unix | CIS SUSE Linux Enterprise 12 v3.2.0 L1 Server |
| 5.2.18 Ensure sshd MaxSessions is configured | Unix | CIS SUSE Linux Enterprise 12 v3.2.0 L1 Workstation |
| 5.5 Ensure per-account connection limits are used | PostgreSQLDB | CIS PostgreSQL 14 DB v 1.2.0 |
| 5.5 Ensure per-account connection limits are used | PostgreSQLDB | CIS PostgreSQL 13 DB v1.2.0 |
| 5.11 Disable ability to login to another user's active and locked session | Unix | CIS Apple OSX 10.11 El Capitan L1 v1.1.0 |
| 5.11 Disable ability to login to another user's active and locked session | Unix | CIS Apple OSX 10.10 Yosemite L1 v1.2.0 |
| 5.15 Disable Fast User Switching | Unix | CIS Apple OSX 10.11 El Capitan L2 v1.1.0 |
| 5.15 Disable Fast User Switching | Unix | CIS Apple OSX 10.10 Yosemite L2 v1.2.0 |
| 9.2 Ensure KeepAlive Is Enabled | Unix | CIS Apache HTTP Server 2.2 L1 v3.6.0 Middleware |
| Access Security - J-Web - Set session-limit restrictions suitable for your environment | Juniper | Juniper Hardening JunOS 12 Devices Checklist |
| Access Security - SSH - Set connection-limit and rate-limit restrictions - connection-limit | Juniper | Juniper Hardening JunOS 12 Devices Checklist |
| AIX7-00-001004 - AIX must limit the number of concurrent sessions to 10 for all accounts and/or account types. | Unix | DISA STIG AIX 7.x v3r1 |
| AOSX-14-000050 - The macOS system must limit the number of concurrent SSH sessions to 10 for all accounts and/or account types. | Unix | DISA STIG Apple Mac OSX 10.14 v2r6 |
| ARST-ND-000010 - The Arista network device must limit the number of concurrent sessions to an organization-defined number for each administrator account and/or administrator account type. | Arista | DISA STIG Arista MLS EOS 4.2x NDM v2r1 |
| AS24-W2-000010 - The Apache web server must limit the number of allowed simultaneous session requests. | Windows | DISA STIG Apache Server 2.4 Windows Site v2r1 |
| AS24-W2-000020 - The Apache web server must perform server-side session management. | Windows | DISA STIG Apache Server 2.4 Windows Site v2r1 |
| Big Sur - Limit Concurrent GUI Sessions to 10 for all Accounts | Unix | NIST macOS Big Sur v1.4.0 - 800-53r4 High |
| Big Sur - Limit Concurrent GUI Sessions to 10 for all Accounts | Unix | NIST macOS Big Sur v1.4.0 - 800-53r5 High |
| Big Sur - Limit Concurrent GUI Sessions to 10 for all Accounts | Unix | NIST macOS Big Sur v1.4.0 - All Profiles |
| BIND-9X-001051 - The BIND 9.x secondary name server must limit the total number of zones the name server can request at any one time. | Unix | DISA BIND 9.x STIG v2r3 |
| BIND-9X-001052 - The BIND 9.x server implementation must limit the number of concurrent session client connections to the number of allowed dynamic update clients. | Unix | DISA BIND 9.x STIG v2r3 |
| CASA-ND-000010 - The Cisco ASA must be configured to limit the number of concurrent management sessions to an organization-defined number. | Cisco | DISA STIG Cisco ASA NDM v2r2 |