Identify the application load requirements defined by system owner.
Regular application user session timeout values are defined at the DoD level at 20 minutes.
An ISSO risk acceptance is required to deviate from that value.
If session timeout values are not set to "20" and an ISSO risk acceptance is provided, this is not a finding.
From the admin console, navigate to Servers >> all servers >> [web application server] >> Session management.
For every [web application server], verify maximum in-memory session count.
Verify "allow overflow" and "session timeout" are set according to application load requirements.
Scope, Define, and Maintain Regulatory Demands Online in Minutes.
10161 Park Run Drive, Suite 150
Las Vegas, Nevada 89145
PHONE 702.776.9898
FAX 866.924.3791
info@unifiedcompliance.com
© 2018 Network Frontiers LLC
All right reserved.