800-53|SC-10

Title

NETWORK DISCONNECT

Description

The information system terminates the network connection associated with a communications session at the end of the session or after [Assignment: organization-defined time period] of inactivity.

Supplemental

This control applies to both internal and external networks. Terminating network connections associated with communications sessions include, for example, de-allocating associated TCP/IP address/port pairs at the operating system level, or de-allocating networking assignments at the application level if multiple application sessions are using a single, operating system-level network connection. Time periods of inactivity may be established by organizations and include, for example, time periods by type of network access or for specific network accesses.

Reference Item Details

Reference: NIST 800-53 - Security and Privacy Controls for Federal Information Systems and Organizations

Category: SYSTEM AND COMMUNICATIONS PROTECTION

Family: SYSTEM AND COMMUNICATIONS PROTECTION

Priority: P2

Baseline Impact: MODERATE,HIGH

Audit Items

View all Reference Audit Items

Name	Plugin	Audit Name
1.12.10 Configure connection Timeout	Unix	CIS Apache Tomcat5.5/6.0 L2 v1.0
2.1.6 Set 'service tcp-keepalives-in'	Cisco	CIS Cisco IOS 12 L1 v4.0.0
2.1.6 Set 'service tcp-keepalives-in'	Cisco	CIS Cisco IOS 16 L1 v1.1.0
2.1.6 Set 'service tcp-keepalives-in'	Cisco	CIS Cisco IOS 15 L1 v4.0.1
2.1.7 Set 'service tcp-keepalives-out'	Cisco	CIS Cisco IOS 16 L1 v1.1.0
2.1.7 Set 'service tcp-keepalives-out'	Cisco	CIS Cisco IOS 15 L1 v4.0.1
2.1.7 Set 'service tcp-keepalives-out'	Cisco	CIS Cisco IOS 12 L1 v4.0.0
2.2.6 Ensure 'Send connector timeout' is set to '10'	Windows	CIS Microsoft Exchange Server 2019 L1 Mailbox v1.0.0
2.2.7 Ensure 'Receive connector timeout' is set to '5'	Windows	CIS Microsoft Exchange Server 2019 L1 Mailbox v1.0.0
3.074 - The system is not configured to force users to log off when their allowed logon hours expire.	Windows	DISA Windows Vista STIG v6r41
4.006 - Users must be forcibly disconnected when their logon hours expire.	Windows	DISA Windows Vista STIG v6r41
4.23 sqlnet.ora - 'sqlnet.inbound_connect_timeout = 3'	Unix	CIS v1.1.0 Oracle 11g OS L2
4.028 - The amount of idle time required before suspending a session must be properly set.	Windows	DISA Windows Vista STIG v6r41
5.3.19 Ensure SSH Idle Timeout Interval is configured - ClientAliveCountMax	Unix	CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
5.3.19 Ensure SSH Idle Timeout Interval is configured - ClientAliveInterval	Unix	CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
5.5.4 Ensure default user shell timeout is configured	Unix	CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
5.046 - Terminal Services is not configured to set a time limit for disconnected sessions.	Windows	DISA Windows Vista STIG v6r41
5.047 - Terminal Services idle session time limit does not meet the requirement.	Windows	DISA Windows Vista STIG v6r41
AIX7-00-002105 - AIX must config the SSH idle timeout interval.	Unix	DISA STIG AIX 7.x v2r9
AIX7-00-003003 - AIX must set inactivity time-out on login sessions and terminate all login sessions after 10 minutes of inactivity - TIMEOUT	Unix	DISA STIG AIX 7.x v2r1
AIX7-00-003003 - AIX must set inactivity time-out on login sessions and terminate all login sessions after 10 minutes of inactivity - TIMEOUT	Unix	DISA STIG AIX 7.x v2r3
AIX7-00-003003 - AIX must set inactivity time-out on login sessions and terminate all login sessions after 10 minutes of inactivity - TMOUT	Unix	DISA STIG AIX 7.x v2r1
AIX7-00-003003 - AIX must set inactivity time-out on login sessions and terminate all login sessions after 10 minutes of inactivity - TMOUT	Unix	DISA STIG AIX 7.x v2r3
AIX7-00-003003 - AIX must set inactivity time-out on login sessions and terminate all login sessions after 10 minutes of inactivity.	Unix	DISA STIG AIX 7.x v2r9
AOSX-13-000720 - The macOS system must be configured with the SSH daemon ClientAliveInterval option set to 900 or less.	Unix	DISA STIG Apple Mac OSX 10.13 v2r5
AOSX-13-000721 - The macOS system must be configured with the SSH daemon ClientAliveCountMax option set to 0.	Unix	DISA STIG Apple Mac OSX 10.13 v2r5
AOSX-13-000722 - The macOS system must be configured with the SSH daemon LoginGraceTime set to 30 or less.	Unix	DISA STIG Apple Mac OSX 10.13 v2r5
AOSX-14-000051 - The macOS system must be configured with the SSH daemon ClientAliveInterval option set to 900 or less.	Unix	DISA STIG Apple Mac OSX 10.14 v2r6
AOSX-14-000052 - The macOS system must be configured with the SSH daemon ClientAliveCountMax option set to 0.	Unix	DISA STIG Apple Mac OSX 10.14 v2r6
AOSX-14-000053 - The macOS system must be configured with the SSH daemon LoginGraceTime set to 30 or less.	Unix	DISA STIG Apple Mac OSX 10.14 v2r6
AOSX-15-000051 - The macOS system must be configured with the SSH daemon ClientAliveInterval option set to 900 or less.	Unix	DISA STIG Apple Mac OSX 10.15 v1r10
AOSX-15-000052 - The macOS system must be configured with the SSH daemon ClientAliveCountMax option set to 0.	Unix	DISA STIG Apple Mac OSX 10.15 v1r10
AOSX-15-000053 - The macOS system must be configured with the SSH daemon LoginGraceTime set to 30 or less.	Unix	DISA STIG Apple Mac OSX 10.15 v1r10
APPL-11-000051 - The macOS system must be configured with the SSH daemon ClientAliveInterval option set to 900 or less.	Unix	DISA STIG Apple macOS 11 v1r8
APPL-11-000051 - The macOS system must be configured with the SSH daemon ClientAliveInterval option set to 900 or less.	Unix	DISA STIG Apple macOS 11 v1r5
APPL-11-000052 - The macOS system must be configured with the SSH daemon ClientAliveCountMax option set to 0.	Unix	DISA STIG Apple macOS 11 v1r5
APPL-11-000052 - The macOS system must be configured with the SSH daemon ClientAliveCountMax option set to 0.	Unix	DISA STIG Apple macOS 11 v1r8
APPL-11-000053 - The macOS system must be configured with the SSH daemon LoginGraceTime set to 30 or less.	Unix	DISA STIG Apple macOS 11 v1r8
APPL-11-000053 - The macOS system must be configured with the SSH daemon LoginGraceTime set to 30 or less.	Unix	DISA STIG Apple macOS 11 v1r5
APPL-12-000051 - The macOS system must be configured with the SSH daemon ClientAliveInterval option set to 900 or less.	Unix	DISA STIG Apple macOS 12 v1r9
APPL-12-000052 - The macOS system must be configured with the SSH daemon ClientAliveCountMax option set to 1.	Unix	DISA STIG Apple macOS 12 v1r9
APPL-12-000053 - The macOS system must be configured with the SSH daemon LoginGraceTime set to 30 or less.	Unix	DISA STIG Apple macOS 12 v1r9
APPL-13-000051 - The macOS system must be configured with the SSH daemon ClientAliveInterval option set to 900 or less.	Unix	DISA STIG Apple macOS 13 v1r4
APPL-13-000052 - The macOS system must be configured with the SSH daemon ClientAliveCountMax option set to 1.	Unix	DISA STIG Apple macOS 13 v1r4
APPL-13-000053 - The macOS system must be configured with the SSH daemon LoginGraceTime set to 30 or less.	Unix	DISA STIG Apple macOS 13 v1r4
APPL-14-000051 - The macOS system must configure SSHD ClientAliveInterval to 900.	Unix	DISA Apple macOS 14 (Sonoma) STIG v2r1
APPL-14-000052 - The macOS system must configure SSHD ClientAliveCountMax to 1.	Unix	DISA Apple macOS 14 (Sonoma) STIG v2r1
APPL-14-000053 - The macOS system must set Login Grace Time to 30.	Unix	DISA Apple macOS 14 (Sonoma) STIG v2r1
APPL-14-000110 - The macOS system must configure SSH ServerAliveInterval option set to 900.	Unix	DISA Apple macOS 14 (Sonoma) STIG v2r1
APPL-14-000120 - The macOS system must configure SSHD Channel Timeout to 900.	Unix	DISA Apple macOS 14 (Sonoma) STIG v2r1

Detections

Analytics