Mainframe Products requiring user access authentication must provide a logoff capability for a user-initiated communication session.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
| V-205536 | SRG-APP-000296-MFP-000007 | SV-205536r961224_rule | CCI-002363 | medium |
| Description | ||||
| If a user cannot explicitly end an application session, the session may remain open and be exploited by an attacker; this is referred to as a zombie session. Information resources to which users gain access via authentication include, for example, local workstations, databases, and password-protected websites/web-based services. However, for some types of interactive sessions including, for example, file transfer protocol (FTP) sessions, information systems typically send logoff messages as final messages prior to terminating sessions. | ||||
| STIG | Date | |||
| Mainframe Product Security Requirements Guide | 2024-12-05 | |||
Related Frameworks
2 paths across 2 frameworks
Related Frameworks
NIST 800-531 mapping
AC-12(1)
1.00
- DISA · 3 · disa_xccdf · related
- DISA · 2025-01-23 · disa_cci_list · equivalent
CCI1 mapping
CCI-002363
1.00
- DISA · 3 · disa_xccdf · related
Details
Check Text (C-205536r961224_chk)
If the Mainframe Product has no logon capability, this requirement is not applicable.
If the Mainframe Product does not provide a logout capability for user initiated communication sessions, this is a finding.
Examine the Mainframe Product configuration settings to determine whether a user can logoff. If the configurations are not properly set, this is a finding.
Fix Text (F-5802r299842_fix)
Configure the Mainframe Product settings to provide capability of user-initiated logoff.