The Cisco ISE must terminate all network connections associated with a device management session at the end of the session, or the session must be terminated after five minutes of inactivity except to fulfill documented and validated mission requirements.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
| V-242657 | CSCO-NM-000520 | SV-242657r961068_rule | | High |
| Description |
| Terminating an idle session within a short time period reduces the window of opportunity for unauthorized personnel to take control of a management session enabled on the console or console port that has been left unattended. |
| STIG | Date |
| Cisco ISE NDM Security Technical Implementation Guide | 2024-09-10 |
Details
| Check Text (C-45932r944327_chk) |
| From the CLI EXEC mode, type show terminal. From the GUI, navigate to Administration >> System >> Admin Access >> Settings >> Session. View the session timeout setting. If the terminal and administration setting is not set to six minutes or less, this is a finding. |
| Fix Text (F-45889r944328_fix) |
| Configure Session Timeout for Administrators. 1. Choose Administration >> System >> Admin Access >> Settings >> Session >> Session Timeout. 2. Type "6". 3. Click "Save". |