UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The application or console being used to administer a network device must provide the capability for network administrators to directly initiate a session lock.


Overview

Finding ID Version Rule ID IA Controls Severity
V-55033 SRG-APP-000004-NDM-000203 SV-69279r2_rule Medium
Description
A session lock is a temporary network device or administrator-initiated action taken when the administrator stops work but does not log out of the network device. Rather than being forced to wait for a period of time to expire before the management session can be locked, network management consoles need to provide administrators with the ability to manually invoke a session lock so they may secure their management session should the need arise for them to temporarily vacate the immediate physical vicinity of the management workstation. Once invoked, the session lock shall remain in place until the administrator re-authenticates. No other system activity aside from re-authentication shall unlock the management session. The session lock is implemented at the point where session activity can be determined. This is typically at the operating system-level, but may be at the application-level. The session lock is initiated and controlled by either the client application or the workstation being used to access a network element. Many terminal emulation clients implement this capability through software flow control or XOFF/XON flow control. If this capability is not available, administrators must terminate all management sessions before leaving their management console or workstation. This includes closing any views or windows from those sessions.
STIG Date
Network Device Management Security Requirements Guide 2015-06-26

Details

Check Text ( C-55655r2_chk )
Directly observe the management application or the console; if an administrator cannot directly initiate a session lock from either the management application or the console, this is a finding.
Fix Text (F-59899r2_fix)
This is an intrinsic capability of the client application or the console. Many terminal emulation clients implement this capability through software flow control or XOFF/XON flow control.