800-53|SC-10

Title

NETWORK DISCONNECT

Description

The information system terminates the network connection associated with a communications session at the end of the session or after [Assignment: organization-defined time period] of inactivity.

Supplemental

This control applies to both internal and external networks. Terminating network connections associated with communications sessions include, for example, de-allocating associated TCP/IP address/port pairs at the operating system level, or de-allocating networking assignments at the application level if multiple application sessions are using a single, operating system-level network connection. Time periods of inactivity may be established by organizations and include, for example, time periods by type of network access or for specific network accesses.

Reference Item Details

Category: SYSTEM AND COMMUNICATIONS PROTECTION

Family: SYSTEM AND COMMUNICATIONS PROTECTION

Priority: P2

Baseline Impact: MODERATE,HIGH

Audit Items

View all Reference Audit Items

NamePluginAudit Name
2.1.6 Set 'service tcp-keepalives-in'CiscoCIS Cisco IOS 12 L1 v4.0.0
2.1.7 Set 'service tcp-keepalives-out'CiscoCIS Cisco IOS 12 L1 v4.0.0
2.2.6 Ensure 'Send connector timeout' is set to '10'WindowsCIS Microsoft Exchange Server 2019 L1 Mailbox v1.0.0
2.2.7 Ensure 'Receive connector timeout' is set to '5'WindowsCIS Microsoft Exchange Server 2019 L1 Mailbox v1.0.0
3.074 - The system is not configured to force users to log off when their allowed logon hours expire.WindowsDISA Windows Vista STIG v6r41
4.006 - Users must be forcibly disconnected when their logon hours expire.WindowsDISA Windows Vista STIG v6r41
4.23 sqlnet.ora - 'sqlnet.inbound_connect_timeout = 3'UnixCIS v1.1.0 Oracle 11g OS L2
4.028 - The amount of idle time required before suspending a session must be properly set.WindowsDISA Windows Vista STIG v6r41
5.3.19 Ensure SSH Idle Timeout Interval is configured - ClientAliveCountMaxUnixCIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
5.3.19 Ensure SSH Idle Timeout Interval is configured - ClientAliveIntervalUnixCIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
5.5.4 Ensure default user shell timeout is configuredUnixCIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
5.046 - Terminal Services is not configured to set a time limit for disconnected sessions.WindowsDISA Windows Vista STIG v6r41
5.047 - Terminal Services idle session time limit does not meet the requirement.WindowsDISA Windows Vista STIG v6r41
AIX7-00-002105 - AIX must config the SSH idle timeout interval.UnixDISA STIG AIX 7.x v3r1
AIX7-00-003003 - AIX must set inactivity time-out on login sessions and terminate all login sessions after 10 minutes of inactivity.UnixDISA STIG AIX 7.x v3r1
AOSX-13-000720 - The macOS system must be configured with the SSH daemon ClientAliveInterval option set to 900 or less.UnixDISA STIG Apple Mac OSX 10.13 v2r5
AOSX-13-000721 - The macOS system must be configured with the SSH daemon ClientAliveCountMax option set to 0.UnixDISA STIG Apple Mac OSX 10.13 v2r5
AOSX-13-000722 - The macOS system must be configured with the SSH daemon LoginGraceTime set to 30 or less.UnixDISA STIG Apple Mac OSX 10.13 v2r5
AOSX-14-000051 - The macOS system must be configured with the SSH daemon ClientAliveInterval option set to 900 or less.UnixDISA STIG Apple Mac OSX 10.14 v2r6
AOSX-14-000052 - The macOS system must be configured with the SSH daemon ClientAliveCountMax option set to 0.UnixDISA STIG Apple Mac OSX 10.14 v2r6
AOSX-14-000053 - The macOS system must be configured with the SSH daemon LoginGraceTime set to 30 or less.UnixDISA STIG Apple Mac OSX 10.14 v2r6
AOSX-15-000051 - The macOS system must be configured with the SSH daemon ClientAliveInterval option set to 900 or less.UnixDISA STIG Apple Mac OSX 10.15 v1r10
AOSX-15-000052 - The macOS system must be configured with the SSH daemon ClientAliveCountMax option set to 0.UnixDISA STIG Apple Mac OSX 10.15 v1r10
AOSX-15-000053 - The macOS system must be configured with the SSH daemon LoginGraceTime set to 30 or less.UnixDISA STIG Apple Mac OSX 10.15 v1r10
APPL-11-000051 - The macOS system must be configured with the SSH daemon ClientAliveInterval option set to 900 or less.UnixDISA STIG Apple macOS 11 v1r8
APPL-11-000051 - The macOS system must be configured with the SSH daemon ClientAliveInterval option set to 900 or less.UnixDISA STIG Apple macOS 11 v1r5
APPL-11-000052 - The macOS system must be configured with the SSH daemon ClientAliveCountMax option set to 0.UnixDISA STIG Apple macOS 11 v1r5
APPL-11-000052 - The macOS system must be configured with the SSH daemon ClientAliveCountMax option set to 0.UnixDISA STIG Apple macOS 11 v1r8
APPL-11-000053 - The macOS system must be configured with the SSH daemon LoginGraceTime set to 30 or less.UnixDISA STIG Apple macOS 11 v1r8
APPL-11-000053 - The macOS system must be configured with the SSH daemon LoginGraceTime set to 30 or less.UnixDISA STIG Apple macOS 11 v1r5
APPL-12-000051 - The macOS system must be configured with the SSH daemon ClientAliveInterval option set to 900 or less.UnixDISA STIG Apple macOS 12 v1r9
APPL-12-000052 - The macOS system must be configured with the SSH daemon ClientAliveCountMax option set to 1.UnixDISA STIG Apple macOS 12 v1r9
APPL-12-000053 - The macOS system must be configured with the SSH daemon LoginGraceTime set to 30 or less.UnixDISA STIG Apple macOS 12 v1r9
APPL-13-000051 - The macOS system must be configured with the SSH daemon ClientAliveInterval option set to 900 or less.UnixDISA STIG Apple macOS 13 v1r4
APPL-13-000052 - The macOS system must be configured with the SSH daemon ClientAliveCountMax option set to 1.UnixDISA STIG Apple macOS 13 v1r4
APPL-13-000053 - The macOS system must be configured with the SSH daemon LoginGraceTime set to 30 or less.UnixDISA STIG Apple macOS 13 v1r4
APPL-14-000051 - The macOS system must configure SSHD ClientAliveInterval to 900.UnixDISA Apple macOS 14 (Sonoma) STIG v2r2
APPL-14-000052 - The macOS system must configure SSHD ClientAliveCountMax to 1.UnixDISA Apple macOS 14 (Sonoma) STIG v2r2
APPL-14-000053 - The macOS system must set Login Grace Time to 30.UnixDISA Apple macOS 14 (Sonoma) STIG v2r2
APPL-14-000110 - The macOS system must configure SSH ServerAliveInterval option set to 900.UnixDISA Apple macOS 14 (Sonoma) STIG v2r2
APPL-14-000120 - The macOS system must configure SSHD Channel Timeout to 900.UnixDISA Apple macOS 14 (Sonoma) STIG v2r2
APPL-14-000130 - The macOS system must configure SSHD unused connection timeout to 900.UnixDISA Apple macOS 14 (Sonoma) STIG v2r2
APPL-14-000140 - The macOS system must set SSH Active Server Alive Maximum to 0.UnixDISA Apple macOS 14 (Sonoma) STIG v2r2
APPL-15-000051 - The macOS system must configure SSHD ClientAliveInterval to 900.UnixDISA Apple macOS 15 (Sequoia) STIG v1r1
APPL-15-000052 - The macOS system must configure SSHD ClientAliveCountMax to 1.UnixDISA Apple macOS 15 (Sequoia) STIG v1r1
APPL-15-000053 - The macOS system must set login grace time to 30.UnixDISA Apple macOS 15 (Sequoia) STIG v1r1
APPL-15-000110 - The macOS system must configure the SSH ServerAliveInterval to 900.UnixDISA Apple macOS 15 (Sequoia) STIG v1r1
APPL-15-000120 - The macOS system must configure SSHD channel timeout to 900.UnixDISA Apple macOS 15 (Sequoia) STIG v1r1
APPL-15-000130 - The macOS system must configure SSHD unused connection timeout to 900.UnixDISA Apple macOS 15 (Sequoia) STIG v1r1
APPL-15-000140 - The macOS system must set SSH Active Server Alive Maximum to 0.UnixDISA Apple macOS 15 (Sequoia) STIG v1r1