Changes are coming to https://stigviewer.com.
Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey
ONTAP must be configured to limit the number of concurrent sessions.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-246922 | NAOT-AC-000001 | SV-246922r960735_rule | Medium |
| Description |
|---|
| Device management includes the ability to control the number of administrators and management sessions that manage a device. Limiting the number of allowed administrators and sessions per administrator based on account type, role, or access type is helpful in limiting risks related to DoS attacks. |
| STIG | Date |
|---|---|
| NetApp ONTAP DSC 9.x Security Technical Implementation Guide | 2024-06-10 |
Details
| Check Text ( C-50354r769096_chk ) |
|---|
| Use "security session limit show -interface cli" to check the concurrent session limit. If the security session limit is not configured to limit the number of concurrent sessions to 1, this is a finding. |
| Fix Text (F-50308r769097_fix) |
|---|
| Configure session limits with the command, “security session limit modify -max-active-limit 1 -interface cli -category application". |