The Cisco ISE must terminate all network connections associated with a device management session at the end of the session, or the session must be terminated after five minutes of inactivity except to fulfill documented and validated mission requirements.

Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The Cisco ISE must terminate all network connections associated with a device management session at the end of the session, or the session must be terminated after five minutes of inactivity except to fulfill documented and validated mission requirements.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-242657	CSCO-NM-000520	SV-242657r961068_rule		High

Description
Terminating an idle session within a short time period reduces the window of opportunity for unauthorized personnel to take control of a management session enabled on the console or console port that has been left unattended.

STIG	Date
Cisco ISE NDM Security Technical Implementation Guide	2024-06-10

Details

Check Text ( C-45932r944327_chk )
From the CLI EXEC mode, type show terminal. From the GUI, navigate to Administration >> System >> Admin Access >> Settings >> Session. View the session timeout setting. If the terminal and administration setting is not set to six minutes or less, this is a finding.

Fix Text (F-45889r944328_fix)
Configure Session Timeout for Administrators. 1. Choose Administration >> System >> Admin Access >> Settings >> Session >> Session Timeout. 2. Type "6". 3. Click "Save".