STIGhubSTIGhub
STIGhub— A free STIG search and compliance tool·STIGs updated just now
Powered by Pylon·Privacy·Terms·Feedback·© 2026 Beacon Cloud Solutions, Inc.
← Back to Ivanti Policy Secure NDM Security Technical Implementation Guide

V-284530

CAT I (High)

The Ivanti Policy Secure must be configured to terminate all network connections associated with a device management session at the end of the session, or the session must be terminated after 10 minutes of inactivity except to fulfill documented and validated mission requirements.

Rule ID

SV-284530r1244936_rule

STIG

Ivanti Policy Secure NDM Security Technical Implementation Guide

Version

V1R1

CCIs

CCI-001133

Discussion

Terminating an idle session within a short time period reduces the window of opportunity for unauthorized personnel to take control of a management session enabled on the console or console port that has been left unattended. In addition, quickly terminating an idle session will also free up resources committed by the managed network element. Terminating network connections associated with communications sessions includes, for example, de-allocating associated TCP/IP address/port pairs at the operating system level, or de-allocating networking assignments at the application level if multiple application sessions are using a single, operating system-level network connection. This does not mean that the device terminates all sessions or network access; it only ends the inactive session and releases the resources associated with that session.

Check Content

1. In the Web UI, navigate to Administrators >> Admins Role >> Delegated Admin Roles.
2. Click the configured admin role being used for CAC/PKI token admin logins, by default it is ".Administrators".
3. Click the "Session Options" tab.
4. View the "Session Lifetime" section.

If the idle timeout is not set to "10", this is a finding.

Fix Text

1. In the Web UI, navigate to Administrators >> Admins Role >> Delegated Admin Roles.
2. Click the configured admin role being used for CAC/PKI token admin logins, by default it is ".Administrators".
3. Click the "Session Options" tab.
4. In the "Session Lifetime" section, set the Idle Timeout to "10".
5. Click "Save Changes".