ONTAP must be configured to create a session lock after 15 minutes.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-246923 | NAOT-AC-000002 | SV-246923r835206_rule | Medium |
| Description |
|---|
| A session lock is a temporary network device or administrator-initiated action taken when the administrator stops work but does not log out of the network device. Rather than relying on the user to manually lock their management session prior to vacating the vicinity, network devices need to be able to identify when a management session has idled and take action to initiate the session lock. Once invoked, the session lock must remain in place until the administrator re-authenticates. No other system activity aside from re-authentication must unlock the management session. Note that CCI-001133 requires that administrative network sessions be disconnected after 10 minutes of idle time. This requirement may only apply to local administrative sessions. |
| STIG | Date |
|---|---|
| NetApp ONTAP DSC 9.x Security Technical Implementation Guide | 2022-06-07 |
Details
| Check Text ( C-50355r835205_chk ) |
|---|
| Use "system timeout show" to check the current CLI timeout. If the system timeout is not set to 15 minute(s) or less, this is a finding. |
| Fix Text (F-50309r769100_fix) |
|---|
| Configure the CLI timeout value to 15 minutes with the command, "system timeout modify -timeout 15". |