The Cisco ISE must limit the number of CLI and GUI sessions to an organization-defined number.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
| V-242607 | CSCO-NM-000010 | SV-242607r1025177_rule | Low |
| Description |
| Device management includes the ability to control the number of management sessions that manage a device. Limiting the number of allowed sessions is helpful in limiting risks related to DoS attacks. This requirement addresses concurrent sessions for administrative access. The maximum number of concurrent sessions should be defined based upon mission needs and the operational environment for each system. At a minimum, limits must be set for SSH and HTTPS sessions. |
| STIG | Date |
| Cisco ISE NDM Security Technical Implementation Guide | 2024-09-10 |
Details
| Check Text (C-45882r1018671_chk) |
| From the web Admin portal: 1. Choose Administration >> System >>Admin Access >> Settings >> Access. 2. Verify the "Maximum Concurrent Sessions" under "GUI" Sessions is set to the organization-defined number. 3. Verify the "Maximum Concurrent Sessions" under "CLI" Sessions is set to one (recommended) or an organization-defined number. It is highly recommended the number be minimized to one or two, but this can be based on operational needs. If the CLI and GUI are not set to limit the maximum number of sessions, this is a finding. |
| Fix Text (F-45839r1018672_fix) |
| Configure the concurrent sessions for the CLI and GUI. From web admin portal: 1. Choose Administration >> System >>Admin Access >> Settings >> Access. 2. Configure the "Maximum Concurrent Sessions" under "GUI" to be the organization-defined number. 3. Configure the "Maximum Concurrent Sessions" under "CLI" to be one. |