UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

Nutanix AOS must automatically terminate a user session after 15 minutes of inactivity.


Overview

Finding ID Version Rule ID IA Controls Severity
V-254097 NUTX-AP-000010 SV-254097r961221_rule Medium
Description
An attacker can take advantage of user sessions that are left open, thus bypassing the user authentication process. To thwart the vulnerability of open and unused user sessions, the application server must be configured to close the sessions when a configured condition or trigger event is met. Session termination terminates all processes associated with a user's logical session except those processes specifically created by the user (i.e., session owner) to continue after the session is terminated. Conditions or trigger events requiring automatic session termination can include, for example, periods of user inactivity, targeted responses to certain types of incidents, and time-of-day restrictions on information system use. Satisfies: SRG-APP-000295-AS-000263, SRG-APP-000389-AS-000253, SRG-APP-000390-AS-000254
STIG Date
Nutanix AOS 5.20.x Application Security Technical Implementation Guide 2024-06-18

Details

Check Text ( C-57582r846377_chk )
Confirm Nutanix AOS Session Timeout settings are set to 15 minutes.

1. Log in to Prism Element.
2. Click on the gear icon in the upper right.
3. Navigate to "UI Settings" in the left navigation pane.

For each user type, verify that the Session Timeout is set correctly. If not, this is a finding.
Fix Text (F-57533r846378_fix)
Configure Nutanix AOS Session Timeout settings to 15 minutes.

1. Log in to Prism Element.
2. Click on the gear icon in the upper right.
3. Navigate to "UI Settings" in the left navigation pane.
4. Set the Session Timeout settings to 15 minutes per user type.