It was found that all Rally users have the ability to set their session timeout option to as long as 2 weeks.
The Security Team sees this as a significant vulnerability because the information involved is company-sensitive. Customers want to restrict users' ability to set their session timeout past 4 hours.
Security concern
Release : SAAS
Component : AGILE CENTRAL
The session timeout can be set at the subscription level by your Rally subscription admin. Using the dropdown as shown below, the Sub Admin can select a timeout between 10 minutes and 2 weeks. This is a global setting for all users in the subscription.
If the Sub Admin selects the Let Users Choose option, then each user can set their own timeout as appropriate. The timeout can be set between 10 minutes and 2 weeks.