The Cisco ISE must limit the number of CLI sessions to one and organization-defined number for the GUI.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-242607 | CSCO-NM-000010 | SV-242607r822786_rule | Low |
| Description |
|---|
| Device management includes the ability to control the number of management sessions that manage a device. Limiting the number of allowed sessions is helpful in limiting risks related to DoS attacks. This requirement addresses concurrent sessions for administrative access. The maximum number of concurrent sessions should be defined based upon mission needs and the operational environment for each system. At a minimum, limits must be set for SSH and HTTPS sessions. |
| STIG | Date |
|---|---|
| Cisco ISE NDM Security Technical Implementation Guide | 2022-09-20 |
Details
| Check Text ( C-45882r822783_chk ) |
|---|
| Review the concurrent sessions to ensure the CLI and GUI have the correct number of sessions defined. From web Admin portal: 1. Choose Administration >> System >>Admin Access >> Settings >> Access. 2. Verify the "Maximum Concurrent Sessions" under "GUI" Sessions is set to the organization-defined number. 3. Verify the "Maximum Concurrent Sessions" under "CLI" Sessions is set to one. If the CLI is not set to limit the maximum number of sessions to one or the GUI is not set to limit the maximum number of sessions to the organization-defined number, then this is a finding. |
| Fix Text (F-45839r822786_fix) |
|---|
| Configure the concurrent sessions for the CLI and GUI. From web admin portal: 1. Choose Administration >> System >>Admin Access >> Settings >> Access. 2. Configure the "Maximum Concurrent Sessions" under "GUI" to be the organization-defined number. 3. Configure the "Maximum Concurrent Sessions" under "CLI" to be one. |