Details

If no input is detected during the interval, the EXEC facility resumes the current connection. If no connections exist, the EXEC facility returns the terminal to the idle state and disconnects the incoming session.

Solution

Configure device timeout (10 minutes or less) to disconnect sessions after a fixed idle time.
hostname(config)#line aux 0
hostname(config-line)#exec-timeout

Supportive Information

The following resource is also helpful.

• https://workbench.cisecurity.org/files/508

This security hardening control applies to the following category of controls within NIST 800-53: Access Control.This control applies to the following type of system Cisco.

References

• 800-53|AC-12

Source

• Tenable.com/audits