Description:

This requirement applies to internal and external networks. Terminating a network connection associated with a communications session includes de-allocating the associated TCP/IP address or port pair at the operating system level, or de-allocating networking assignments at the application level if multiple application sessions share a single operating system-level network connection. Organizations may establish time periods of user inactivity, including different time periods by type of network access or for specific network accesses.


Priority: Medium


Category: Baseline Security Configurations


Services Associated with AWS:

  1. AWS Identity and Access Management (IAM)
  2. Amazon Cognito
  3. Amazon VPC
  4. AWS Network Firewall
  5. Amazon EC2


Objective Evidence:

  • Administrative: documented policies, standards & procedures
  • Administrative: supporting documentation to demonstrate the "secure practices" used to build technology platform-specific secure baseline configurations
  • Technical: screen shot of configuration settings


Possible Technology Considerations:

  • Secure Baseline Configurations (SBC)


What needs to be answered?

  • Does the system terminate a network connection at the end of a session or after a defined timeframe of inactivity?
  • Check Name: Session Timeout Check

    Description: This check ensures that network connections associated with communications sessions are terminated at the end of the sessions or after a defined period of inactivity.

  • Check Name: Network Connection Termination Check

    Description: This check confirms the de-allocation of associated TCP/IP addresses or port pairs at the operating system level, or the de-allocation of networking assignments at the application level if multiple application sessions share a single operating system-level network connection.

More Details:

Remote access to cloud-based systems is terminated after 15 minutes of inactivity.
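The Session Timeout Check above asks whether sessions are actually closed once the defined inactivity period (15 minutes here) has elapsed. The following is an added example of how an assessor could evaluate that against exported session records; it is not part of this control text or any AWS tooling. It assumes a constructed CSV export with `session_id`, `user`, `last_activity` and `ended_at` columns (an empty `ended_at` meaning the session is still open), which is a hypothetical format chosen for illustration. A session is reported when it stayed open, or was only closed, more than the timeout after its last activity.

```python
import csv
import io
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import List, Optional

# Inactivity threshold stated under "More Details" for this control.
IDLE_TIMEOUT = timedelta(minutes=15)


@dataclass
class SessionRecord:
    session_id: str
    user: str
    last_activity: datetime
    ended_at: Optional[datetime]  # None means the session is still open


def parse_sessions(text: str) -> List[SessionRecord]:
    """Parse a constructed CSV export of session records (hypothetical format)."""
    records = []
    for row in csv.DictReader(io.StringIO(text)):
        ended = row["ended_at"].strip()
        records.append(SessionRecord(
            session_id=row["session_id"],
            user=row["user"],
            last_activity=datetime.fromisoformat(row["last_activity"]),
            ended_at=datetime.fromisoformat(ended) if ended else None,
        ))
    return records


def idle_duration(record: SessionRecord, now: datetime) -> timedelta:
    """Time the session remained open after its last activity (up to 'now' if still open)."""
    end = record.ended_at if record.ended_at is not None else now
    return end - record.last_activity


def violates_timeout(record: SessionRecord, now: datetime,
                     timeout: timedelta = IDLE_TIMEOUT) -> bool:
    """True if the session outlived the inactivity timeout without being terminated."""
    return idle_duration(record, now) > timeout


def audit(records: List[SessionRecord], now: datetime,
          timeout: timedelta = IDLE_TIMEOUT) -> List[str]:
    """Return the ids of sessions that were not terminated within the timeout."""
    return [r.session_id for r in records if violates_timeout(r, now, timeout)]


# Constructed sample export: four sessions evaluated at a fixed point in time.
SAMPLE_EXPORT = """\
session_id,user,last_activity,ended_at
s1,alice,2024-01-01T11:50:00,
s2,bob,2024-01-01T11:30:00,
s3,carol,2024-01-01T11:00:00,2024-01-01T11:15:00
s4,dave,2024-01-01T10:00:00,2024-01-01T10:40:00
"""
NOW = datetime(2024, 1, 1, 12, 0, 0)

if __name__ == "__main__":
    # s1: open, idle 10 min (compliant); s2: open, idle 30 min (violation);
    # s3: closed exactly at 15 min (compliant); s4: closed after 40 min idle (violation).
    for sid in audit(parse_sessions(SAMPLE_EXPORT), NOW):
        print(f"session {sid} exceeded the {IDLE_TIMEOUT} inactivity timeout")
```

The boundary case matters: a session closed at exactly the timeout is treated as compliant, and a session that is still open is measured against the audit time rather than skipped, so an enforcement gap is visible while it is still happening.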