Description:
This requirement applies to internal and external networks. Terminating the network connections associated with communications sessions includes de-allocating the associated TCP/IP address or port pairs at the operating system level, or de-allocating networking assignments at the application level if multiple application sessions share a single operating system-level network connection. Organizations may establish periods of user inactivity, including periods by type of network access or for specific network accesses.
Priority: Medium
Category: Baseline Security Configurations
Services Associated with AWS:
- AWS Identity and Access Management (IAM)
- Amazon Cognito
- Amazon VPC
- AWS Network Firewall
- Amazon EC2
Objective Evidence:
- Administrative: documented policies, standards & procedures
- Administrative: supporting documentation to demonstrate the "secure practices" used to build technology platform-specific secure baseline configurations
- Technical: screen shot of configuration settings
Possible Technology Considerations:
- Secure Baseline Configurations (SBC)
What needs to be answered?
- Does the system terminate a network connection at the end of a session or after a defined timeframe of inactivity?
- Check Name: Session Timeout Check
  Description: This check ensures that network connections associated with communications sessions are terminated at the end of the sessions or after a defined period of inactivity.
- Check Name: Network Connection Termination Check
  Description: This check confirms the de-allocation of associated TCP/IP addresses or port pairs at the operating system level, or the de-allocation of networking assignments at the application level if multiple application sessions are using a single, operating system-level network connection.
More Details:
Remote access to cloud-based systems is terminated after 15 minutes of inactivity.
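One concrete way to gather the technical evidence for the Session Timeout Check above is to audit the idle-timeout settings of the remote-access service on the EC2 host. The script below is an added example, not part of this page or any AWS tooling, and it assumes that SSH is the remote-access path and that sshd's ClientAliveInterval and ClientAliveCountMax are the mechanism that terminates an idle session (their product is the effective idle timeout). The 900-second threshold corresponds to the 15 minutes stated above; the sample configurations are constructed for the example.

```python
"""Audit an OpenSSH server configuration for an idle-session timeout.

Added example (not from the page or AWS). Assumption: SSH is the remote
access path and sshd's ClientAliveInterval * ClientAliveCountMax is the
idle-termination mechanism being checked against the 15-minute figure.
"""
import re

# OpenSSH defaults: ClientAliveInterval 0 (probing disabled), ClientAliveCountMax 3
DEFAULTS = {"clientaliveinterval": 0, "clientalivecountmax": 3}


def parse_sshd_config(text):
    """Return the global value of each directive we care about.

    sshd keeps the FIRST occurrence of a keyword, so later duplicates are
    ignored. Only whole-line '#' comments exist in sshd_config. Directives
    after a 'Match' line are conditional, so parsing stops there and only
    the global section is audited.
    """
    found = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = re.match(r"([A-Za-z]+)\s*=?\s*(.*)", line)
        if not m:
            continue
        key, value = m.group(1).lower(), m.group(2).strip()
        if key == "match":
            break
        if key in DEFAULTS and key not in found:
            found[key] = int(value)  # ValueError on a malformed value is a finding in itself
    return found


def effective_idle_timeout(found):
    """Seconds after which an unresponsive client is dropped, or None if never."""
    interval = found.get("clientaliveinterval", DEFAULTS["clientaliveinterval"])
    count = found.get("clientalivecountmax", DEFAULTS["clientalivecountmax"])
    # Interval 0 disables probing. CountMax 0 disables termination on OpenSSH >= 9.2
    # and killed the session on the first probe on older releases; neither is an
    # idle timeout, so both are reported as "no timeout".
    if interval == 0 or count == 0:
        return None
    return interval * count


def audit_sshd_idle_timeout(text, max_idle_seconds=900):
    """Evaluate a sshd_config body against the required idle timeout."""
    timeout = effective_idle_timeout(parse_sshd_config(text))
    if timeout is None:
        return {"compliant": False, "timeout": None,
                "reason": "no idle termination configured (ClientAlive probing disabled)"}
    ok = timeout <= max_idle_seconds
    return {"compliant": ok, "timeout": timeout,
            "reason": f"effective idle timeout {timeout}s "
                      f"{'within' if ok else 'exceeds'} {max_idle_seconds}s"}


# Constructed sample: stock settings, no idle timeout at all.
WEAK_CONFIG = """\
# constructed sample sshd_config
Port 22
PermitRootLogin no
TCPKeepAlive yes
"""

# Constructed sample: probe every 5 minutes, drop after 3 missed probes (900 s).
# The second ClientAliveInterval is ignored because sshd keeps the first value,
# and the Match block only applies to one user and is not part of the global audit.
HARDENED_CONFIG = """\
# constructed sample sshd_config
Port 22
ClientAliveInterval 300
ClientAliveCountMax 3
ClientAliveInterval 3600
Match User backup
    ClientAliveInterval 0
"""

if __name__ == "__main__":
    for name, cfg in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(name, audit_sshd_idle_timeout(cfg))
```

Run it against `/etc/ssh/sshd_config` pulled from each EC2 instance (for example via SSM Run Command) and keep the output alongside the configuration screenshot as the technical evidence. Note that TCPKeepAlive is a transport liveness check, not an idle timeout, and that an application-level session (a web console or Cognito-issued token) needs its own separate check.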