Rule ID
SV-284853r1212030_rule
Version
V1R1
CCIs
Device management includes the ability to control the number of administrators and management sessions that manage a device. Limiting the number of allowed administrators and sessions per administrator based on account type, role, or access type is helpful in limiting risks related to denial-of-service (DoS) attacks. This requirement addresses concurrent sessions for administrative accounts and does not address concurrent sessions by a single administrator via multiple administrative accounts. The maximum number of concurrent sessions should be defined based upon mission needs and the operational environment for each system. At a minimum, limits must be set for SSH, HTTPS, account of last resort, and root account sessions.
Verify the Cisco SNA appliance is configured to limit the number of concurrent sessions to an organization-defined number for all administrator accounts. Navigate to SNA Dashboard >> Configure >> Central Management >> Inventory >> Actions... >> Edit Appliance Configuration >> General >> Session Settings >> Maximum Number of Concurrent Sessions. If the Cisco SNA appliance is not configured to limit the number of concurrent sessions to an organization-defined number for each administrator account, this is a finding.
Configure the SNA appliance to limit the number of concurrent sessions to an organization-defined number for all administrator accounts and/or administrator account types. Navigate to SNA Dashboard >> Configure >> Central Management >> Inventory >> Actions... >> Edit Appliance Configuration >> General >> Session Settings. Input Maximum Number of Concurrent Sessions. Apply Configuration.