UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The network device must display an explicit logout message to administrators indicating the reliable termination of authenticated communications sessions.


Overview

Finding ID Version Rule ID IA Controls Severity
V-55199 SRG-APP-000297-NDM-000281 SV-69445r1_rule Medium
Description
If an explicit logout message is not displayed and the administrator does not expect to see one, the administrator may inadvertently leave a management session un-terminated. The session may remain open and be exploited by an attacker; this is referred to as a zombie session. Administrators need to be aware of whether or not the session has been terminated.
STIG Date
Network Device Management Security Requirements Guide 2015-06-26

Details

Check Text ( C-55819r1_chk )
Review the network device configuration to determine if it displays an explicit logout message to administrators indicating the reliable termination of authenticated communications sessions. This requirement may be verified by demonstration. If an explicit logout message is not displayed, this is a finding.
Fix Text (F-60063r1_fix)
Configure the network device to display an explicit logout message to administrators indicating the reliable termination of authenticated communications sessions.