Ax-OS must automatically terminate a Secure Shell (SSH) user session after 15 minutes.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
| V-276003 | AXOS-00-000015 | SV-276003r1122659_rule | CCI-000057 | medium |
| Description | ||||
| An attacker can take advantage of user sessions that are left open, thus bypassing the user authentication process. To thwart the vulnerability of open and unused user sessions, the application server must be configured to close the sessions when a configured condition or trigger event is met. Session termination ends all processes associated with a user's logical session except those specifically created by the user (i.e., session owner) to continue after the session is terminated. Conditions or trigger events requiring automatic session termination can include, for example, periods of user inactivity, targeted responses to certain types of incidents, and time-of-day restrictions on information system use. | ||||
| STIG | Date | |||
| Axonius Federal Systems Ax-OS Security Technical Implementation Guide | 2025-11-25 | |||
Details
Check Text (C-276003r1122659_chk)
From the Axonius Toolbox (accessed via SSH) Main Actions Menu, select the following options:
Compliance Actions >> Advanced Compliance Actions >> Idle session timeout
If "Idle session timeout" is not enabled, this is a finding.
Fix Text (F-80046r1122658_fix)
From the Axonius Toolbox (accessed via SSH) Main Actions Menu, select the following options:
Compliance Actions >> Advanced Compliance Actions >> Idle session timeout
Enable "Idle session timeout".