CCI|CCI-001133

Title

Terminate the network connection associated with a communications session at the end of the session or after an organization-defined time period of inactivity.

Reference Item Details

Category: 2024

Audit Items

View all Reference Audit Items

NamePluginAudit Name
3.074 - The system is not configured to force users to log off when their allowed logon hours expire.WindowsDISA Windows Vista STIG v6r41
4.006 - Users must be forcibly disconnected when their logon hours expire.WindowsDISA Windows Vista STIG v6r41
4.028 - The amount of idle time required before suspending a session must be properly set.WindowsDISA Windows Vista STIG v6r41
5.3.19 Ensure SSH Idle Timeout Interval is configured - ClientAliveCountMaxUnixCIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
5.3.19 Ensure SSH Idle Timeout Interval is configured - ClientAliveIntervalUnixCIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
5.5.4 Ensure default user shell timeout is configuredUnixCIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
5.046 - Terminal Services is not configured to set a time limit for disconnected sessions.WindowsDISA Windows Vista STIG v6r41
5.047 - Terminal Services idle session time limit does not meet the requirement.WindowsDISA Windows Vista STIG v6r41
AIX7-00-002105 - AIX must config the SSH idle timeout interval.UnixDISA STIG AIX 7.x v3r1
AIX7-00-003003 - AIX must set inactivity time-out on login sessions and terminate all login sessions after 10 minutes of inactivity.UnixDISA STIG AIX 7.x v3r1
AOSX-13-000720 - The macOS system must be configured with the SSH daemon ClientAliveInterval option set to 900 or less.UnixDISA STIG Apple Mac OSX 10.13 v2r5
AOSX-13-000721 - The macOS system must be configured with the SSH daemon ClientAliveCountMax option set to 0.UnixDISA STIG Apple Mac OSX 10.13 v2r5
AOSX-13-000722 - The macOS system must be configured with the SSH daemon LoginGraceTime set to 30 or less.UnixDISA STIG Apple Mac OSX 10.13 v2r5
AOSX-14-000051 - The macOS system must be configured with the SSH daemon ClientAliveInterval option set to 900 or less.UnixDISA STIG Apple Mac OSX 10.14 v2r6
AOSX-14-000052 - The macOS system must be configured with the SSH daemon ClientAliveCountMax option set to 0.UnixDISA STIG Apple Mac OSX 10.14 v2r6
AOSX-14-000053 - The macOS system must be configured with the SSH daemon LoginGraceTime set to 30 or less.UnixDISA STIG Apple Mac OSX 10.14 v2r6
AOSX-15-000051 - The macOS system must be configured with the SSH daemon ClientAliveInterval option set to 900 or less.UnixDISA STIG Apple Mac OSX 10.15 v1r10
AOSX-15-000052 - The macOS system must be configured with the SSH daemon ClientAliveCountMax option set to 0.UnixDISA STIG Apple Mac OSX 10.15 v1r10
AOSX-15-000053 - The macOS system must be configured with the SSH daemon LoginGraceTime set to 30 or less.UnixDISA STIG Apple Mac OSX 10.15 v1r10
APPL-11-000051 - The macOS system must be configured with the SSH daemon ClientAliveInterval option set to 900 or less.UnixDISA STIG Apple macOS 11 v1r8
APPL-11-000051 - The macOS system must be configured with the SSH daemon ClientAliveInterval option set to 900 or less.UnixDISA STIG Apple macOS 11 v1r5
APPL-11-000052 - The macOS system must be configured with the SSH daemon ClientAliveCountMax option set to 0.UnixDISA STIG Apple macOS 11 v1r5
APPL-11-000052 - The macOS system must be configured with the SSH daemon ClientAliveCountMax option set to 0.UnixDISA STIG Apple macOS 11 v1r8
APPL-11-000053 - The macOS system must be configured with the SSH daemon LoginGraceTime set to 30 or less.UnixDISA STIG Apple macOS 11 v1r8
APPL-11-000053 - The macOS system must be configured with the SSH daemon LoginGraceTime set to 30 or less.UnixDISA STIG Apple macOS 11 v1r5
APPL-12-000051 - The macOS system must be configured with the SSH daemon ClientAliveInterval option set to 900 or less.UnixDISA STIG Apple macOS 12 v1r9
APPL-12-000052 - The macOS system must be configured with the SSH daemon ClientAliveCountMax option set to 1.UnixDISA STIG Apple macOS 12 v1r9
APPL-12-000053 - The macOS system must be configured with the SSH daemon LoginGraceTime set to 30 or less.UnixDISA STIG Apple macOS 12 v1r9
APPL-13-000051 - The macOS system must be configured with the SSH daemon ClientAliveInterval option set to 900 or less.UnixDISA STIG Apple macOS 13 v1r4
APPL-13-000052 - The macOS system must be configured with the SSH daemon ClientAliveCountMax option set to 1.UnixDISA STIG Apple macOS 13 v1r4
APPL-13-000053 - The macOS system must be configured with the SSH daemon LoginGraceTime set to 30 or less.UnixDISA STIG Apple macOS 13 v1r4
APPL-14-000051 - The macOS system must configure SSHD ClientAliveInterval to 900.UnixDISA Apple macOS 14 (Sonoma) STIG v2r2
APPL-14-000052 - The macOS system must configure SSHD ClientAliveCountMax to 1.UnixDISA Apple macOS 14 (Sonoma) STIG v2r2
APPL-14-000053 - The macOS system must set Login Grace Time to 30.UnixDISA Apple macOS 14 (Sonoma) STIG v2r2
APPL-14-000110 - The macOS system must configure SSH ServerAliveInterval option set to 900.UnixDISA Apple macOS 14 (Sonoma) STIG v2r2
APPL-14-000120 - The macOS system must configure SSHD Channel Timeout to 900.UnixDISA Apple macOS 14 (Sonoma) STIG v2r2
APPL-14-000130 - The macOS system must configure SSHD unused connection timeout to 900.UnixDISA Apple macOS 14 (Sonoma) STIG v2r2
APPL-14-000140 - The macOS system must set SSH Active Server Alive Maximum to 0.UnixDISA Apple macOS 14 (Sonoma) STIG v2r2
APPL-15-000051 - The macOS system must configure SSHD ClientAliveInterval to 900.UnixDISA Apple macOS 15 (Sequoia) STIG v1r1
APPL-15-000052 - The macOS system must configure SSHD ClientAliveCountMax to 1.UnixDISA Apple macOS 15 (Sequoia) STIG v1r1
APPL-15-000053 - The macOS system must set login grace time to 30.UnixDISA Apple macOS 15 (Sequoia) STIG v1r1
APPL-15-000110 - The macOS system must configure the SSH ServerAliveInterval to 900.UnixDISA Apple macOS 15 (Sequoia) STIG v1r1
APPL-15-000120 - The macOS system must configure SSHD channel timeout to 900.UnixDISA Apple macOS 15 (Sequoia) STIG v1r1
APPL-15-000130 - The macOS system must configure SSHD unused connection timeout to 900.UnixDISA Apple macOS 15 (Sequoia) STIG v1r1
APPL-15-000140 - The macOS system must set SSH Active Server Alive Maximum to 0.UnixDISA Apple macOS 15 (Sequoia) STIG v1r1
Big Sur - Configure SSHD ClientAliveInterval option set to 900 or lessUnixNIST macOS Big Sur v1.4.0 - All Profiles
Big Sur - Set Login Grace Time to 30 or LessUnixNIST macOS Big Sur v1.4.0 - All Profiles
Big Sur - Set SSHD Active Client Alive Maximum to ZeroUnixNIST macOS Big Sur v1.4.0 - All Profiles
CISC-ND-000720 - The Cisco router must be configured to terminate all network connections associated with device management after five minutes of inactivity.CiscoDISA STIG Cisco IOS Router NDM v3r2
CISC-ND-000720 - The Cisco router must be configured to terminate all network connections associated with device management after five minutes of inactivity.CiscoDISA STIG Cisco IOS-XR Router NDM v3r2