The network element must limit the number of concurrent sessions for each account to an organization-defined number.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-26815 | SRG-NET-000053 | SV-34065r1_rule | Medium |
| Description |
|---|
| This requirement addresses concurrent sessions for a given information system account and does not address concurrent sessions by a single user via multiple accounts. Limiting the number of concurrent sessions to the device per any given account mitigates the risk associated with a Denial of Service (DoS) attack. |
| STIG | Date |
|---|---|
| Network Security Requirements Guide | 2011-12-28 |
Details
| Check Text ( None ) |
|---|
| None |
| Fix Text (None) |
|---|
| None |