The operating system must limit the number of concurrent sessions for each account to an organization-defined number of sessions.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-29078	SRG-OS-000027	SV-37069r1_rule		Medium

Description
Limiting the number of allowed users and sessions per user can limit risks related to Denial of Service attacks. The organization may define the maximum number of concurrent sessions for an information system account globally, by account type, by account, or a combination thereof. This requirement addresses concurrent sessions for a single information system account and does not address concurrent sessions by a single user via multiple accounts.

Description

Limiting the number of allowed users and sessions per user can limit risks related to Denial of Service attacks. The organization may define the maximum number of concurrent sessions for an information system account globally, by account type, by account, or a combination thereof. This requirement addresses concurrent sessions for a single information system account and does not address concurrent sessions by a single user via multiple accounts.

STIG	Date
Operating System Security Requirements Guide	2013-03-28

Details

Check Text ( None )
None

Fix Text (None)
None