CCI|CCI-001185

Title

Invalidate session identifiers upon user logout or other session termination.

Reference Item Details

Category: 2024

Audit Items

View all Reference Audit Items

NamePluginAudit Name
AS24-U1-000460 - The Apache web server must invalidate session identifiers upon hosted application user logout or other session termination.UnixDISA STIG Apache Server 2.4 Unix Server v3r1 Middleware
AS24-U1-000460 - The Apache web server must invalidate session identifiers upon hosted application user logout or other session termination.UnixDISA STIG Apache Server 2.4 Unix Server v3r1
AS24-W1-000460 - The Apache web server must invalidate session identifiers upon hosted application user logout or other session termination.WindowsDISA STIG Apache Server 2.4 Windows Server v3r1
AS24-W1-000460 - The Apache web server must invalidate session identifiers upon hosted application user logout or other session termination.WindowsDISA STIG Apache Server 2.4 Windows Server v2r3
AS24-W2-000460 - The Apache web server must invalidate session identifiers upon hosted application user logout or other session termination.WindowsDISA STIG Apache Server 2.4 Windows Site v2r1
CD12-00-010600 - PostgreSQL must invalidate session identifiers upon user logout or other session termination.PostgreSQLDBDISA STIG Crunchy Data PostgreSQL DB v3r1
EPAS-00-005200 - The EDB Postgres Advanced Server must invalidate session identifiers upon user logout or other session termination.PostgreSQLDBEnterpriseDB PostgreSQL Advanced Server DB v2r1
IISW-SV-000134 - The IIS 8.5 web server must use cookies to track session state.WindowsDISA IIS 8.5 Server v2r7
MADB-10-004700 - MariaDB must invalidate session identifiers upon user logout or other session termination.MySQLDBDISA MariaDB Enterprise 10.x v2r2 DB
O112-C2-017600 - The DBMS must terminate user sessions upon user logout or any other organization or policy-defined session termination events, such as idle time limit exceeded.OracleDBDISA STIG Oracle 11.2g v2r5 Database
O121-C2-017600 - The DBMS must terminate user sessions upon user logoff or any other organization or policy-defined session termination events, such as idle time limit exceeded.OracleDBDISA STIG Oracle 12c v3r2 Database
PGS9-00-010600 - PostgreSQL must invalidate session identifiers upon user logout or other session termination.PostgreSQLDBDISA STIG PostgreSQL 9.x on RHEL DB v2r5
SP13-00-000115 - SharePoint must terminate user sessions upon user logoff, and when idle time limit is exceeded.WindowsDISA STIG SharePoint 2013 v2r3
WBLC-08-000224 - Oracle WebLogic must terminate user sessions upon user logout or any other organization- or policy-defined session termination events such as idle time limit exceeded.WindowsOracle WebLogic Server 12c Windows v2r1
WBLC-08-000224 - Oracle WebLogic must terminate user sessions upon user logout or any other organization- or policy-defined session termination events such as idle time limit exceeded.UnixOracle WebLogic Server 12c Linux v2r1
WBLC-08-000224 - Oracle WebLogic must terminate user sessions upon user logout or any other organization- or policy-defined session termination events such as idle time limit exceeded.UnixOracle WebLogic Server 12c Linux v2r1 Middleware