The network device must retain the session lock until the administrator reestablishes access using established identification and authentication procedures.

From Network Device Management Security Requirements Guide

Associated with: CCI-000056

SV-69281r1_rule The network device must retain the session lock until the administrator reestablishes access using established identification and authentication procedures.

Vulnerability discussion

A session lock is a temporary network device or administrator-initiated action taken when the administrator stops work but does not log out of the network device. Once invoked, the session lock shall remain in place until the administrator re-authenticates. No other system activity aside from re-authentication shall unlock the management session.

Check content

Review the network device configuration to determine if the device retains session lock until the administrator re-authenticates. This may be verified by configuration check, demonstration, or other validation test results. If the device does not require re-authentication before releasing the session lock, this is a finding.

Fix text

Configure the network device to retain session lock until the administrator re-authenticates.

Pro Tips

Lavender hyperlinks in small type off to the right (of CSS class id, if you view the page source) point to globally unique URIs for each document and item. Copy the link location and paste anywhere you need to talk unambiguously about these things.

You can obtain data about documents and items in other formats. Simply provide an HTTP header Accept: text/turtle or Accept: application/rdf+xml.