UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The network device must retain the session lock until the administrator reestablishes access using established identification and authentication procedures.


Overview

Finding ID Version Rule ID IA Controls Severity
V-202009 SRG-APP-000005-NDM-000204 SV-202009r879515_rule Medium
Description
A session lock is a temporary network device or administrator-initiated action taken when the administrator stops work but does not log out of the network device. Once invoked, the session lock shall remain in place until the administrator re-authenticates. No other system activity aside from re-authentication shall unlock the management session.
STIG Date
Network Device Management Security Requirements Guide 2023-02-15

Details

Check Text ( C-2135r381566_chk )
Review the network device configuration to determine if the device retains session lock until the administrator re-authenticates. This may be verified by configuration check, demonstration, or other validation test results. If the device does not require re-authentication before releasing the session lock, this is a finding.
Fix Text (F-2136r381567_fix)
Configure the network device to retain session lock until the administrator re-authenticates.