800-53|AC-12

Title

SESSION TERMINATION

Description

The information system automatically terminates a user session after [Assignment: organization-defined conditions or trigger events requiring session disconnect].

Supplemental

This control addresses the termination of user-initiated logical sessions in contrast to SC-10 which addresses the termination of network connections that are associated with communications sessions (i.e., network disconnect). A logical session (for local, network, and remote access) is initiated whenever a user (or process acting on behalf of a user) accesses an organizational information system. Such user sessions can be terminated (and thus terminate user access) without terminating network sessions. Session termination terminates all processes associated with a user's logical session except those processes that are specifically created by the user (i.e., session owner) to continue after the session is terminated. Conditions or trigger events requiring automatic session termination can include, for example, organization-defined periods of user inactivity, targeted responses to certain types of incidents, time-of-day restrictions on information system use.

Reference Item Details

Related: SC-10,SC-23

Category: ACCESS CONTROL

Family: ACCESS CONTROL

Priority: P2

Baseline Impact: MODERATE,HIGH

Audit Items

View all Reference Audit Items

NamePluginAudit Name
1.1.3.11.17 Configure 'Network security: Force logoff when logon hours expire'WindowsCIS Windows 8 L1 v1.0.0
1.2.1 Ensure Idle Timeout for Login Sessions is set to 5 minutes - console exec-timeoutCiscoCIS Cisco NX-OS L2 v1.0.0
1.2.1 Ensure Idle Timeout for Login Sessions is set to 5 minutes - console exec-timeoutCiscoCIS Cisco NX-OS L1 v1.0.0
1.2.1 Ensure Idle Timeout for Login Sessions is set to 5 minutes - ssh idle-timeoutCiscoCIS Cisco NX-OS L1 v1.0.0
1.2.1 Ensure Idle Timeout for Login Sessions is set to 5 minutes - ssh idle-timeoutCiscoCIS Cisco NX-OS L2 v1.0.0
1.2.4 - /etc/security/login.cfg - 'logintimeout <= 30'UnixCIS AIX 5.3/6.1 L1 v1.1.0
1.2.6 Set 'exec-timeout' to less than or equal to 10 minutes for 'line aux 0'CiscoCIS Cisco IOS 12 L1 v4.0.0
1.2.6 Set 'exec-timeout' to less than or equal to 10 minutes for 'line aux 0'CiscoCIS Cisco IOS 16 L1 v1.1.2
1.2.7 Set 'exec-timeout' to less than or equal to 10 minutes 'line console 0'CiscoCIS Cisco IOS 16 L1 v1.1.2
1.2.7 Set 'exec-timeout' to less than or equal to 10 minutes 'line console 0'CiscoCIS Cisco IOS 12 L1 v4.0.0
1.2.8 Set 'exec-timeout' less than or equal to 10 minutes 'line tty'CiscoCIS Cisco IOS 16 L1 v1.1.2
1.2.8 Set 'exec-timeout' less than or equal to 10 minutes 'line tty'CiscoCIS Cisco IOS 12 L1 v4.0.0
1.2.9 Set 'exec-timeout' to less than or equal to 10 minutes 'line vty'CiscoCIS Cisco IOS 16 L1 v1.1.2
1.2.9 Set 'exec-timeout' to less than or equal to 10 minutes 'line vty'CiscoCIS Cisco IOS 12 L1 v4.0.0
1.2.10 Set 'transport input none' for 'line aux 0'CiscoCIS Cisco IOS 16 L1 v1.1.2
1.4.1 Ensure 'Idle timeout' is less than or equal to 10 minutes for device managementPalo_AltoCIS Palo Alto Firewall 7 Benchmark L1 v1.0.0
1.4.1 Ensure 'Idle timeout' is less than or equal to 10 minutes for device managementPalo_AltoCIS Palo Alto Firewall 10 v1.0.0 L1
1.4.1 Ensure 'Idle timeout' is less than or equal to 10 minutes for device managementPalo_AltoCIS Palo Alto Firewall 6 Benchmark L1 v1.0.0
10.04 Grid Control TimeOut Value - 'Configure an appropriate value for Grid Control Timeout Value in the Oracle Application Server'WindowsCIS v1.1.0 Oracle 11g OS Windows Level 1
10.04 Grid Control TimeOut Value - 'Configure an appropriate value for Grid Control Timeout Value in the Oracle Application Server'UnixCIS v1.1.0 Oracle 11g OS L1
10.10 Configure connectionTimeoutUnixCIS Apache Tomcat 7 L2 v1.1.0
10.10 Configure connectionTimeoutUnixCIS Apache Tomcat 7 L2 v1.1.0 Middleware
18.1.1.1 Ensure 'Prevent enabling lock screen camera' is set to 'Enabled'WindowsCIS Microsoft Intune for Windows 10 Release 2004 v1.0.1 L1 + BL
18.1.1.1 Ensure 'Prevent enabling lock screen camera' is set to 'Enabled'WindowsCIS Microsoft Intune for Windows 10 Release 2004 v1.0.1 L1 + NG
18.1.1.1 Ensure 'Prevent enabling lock screen camera' is set to 'Enabled'WindowsCIS Microsoft Intune for Windows 10 Release 2004 v1.0.1 L1 + BL + NG
18.1.1.1 Ensure 'Prevent enabling lock screen camera' is set to 'Enabled'WindowsCIS Microsoft Intune for Windows 10 Release 2004 v1.0.1 L1
18.1.1.2 Ensure 'Prevent enabling lock screen slide show' is set to 'Enabled'WindowsCIS Microsoft Intune for Windows 10 Release 2004 v1.0.1 L1 + NG
18.1.1.2 Ensure 'Prevent enabling lock screen slide show' is set to 'Enabled'WindowsCIS Microsoft Intune for Windows 10 Release 2004 v1.0.1 L1 + BL + NG
18.1.1.2 Ensure 'Prevent enabling lock screen slide show' is set to 'Enabled'WindowsCIS Microsoft Intune for Windows 10 Release 2004 v1.0.1 L1
18.1.1.2 Ensure 'Prevent enabling lock screen slide show' is set to 'Enabled'WindowsCIS Microsoft Intune for Windows 10 Release 2004 v1.0.1 L1 + BL
18.4.10 Ensure 'MSS: (ScreenSaverGracePeriod) The time in seconds before the screen saver grace period expires (0 recommended)' is set to 'Enabled: 5 or fewer seconds'WindowsCIS Microsoft Windows 10 Enterprise v1.12.0 L1 + BL + NG
18.4.10 Ensure 'MSS: (ScreenSaverGracePeriod) The time in seconds before the screen saver grace period expires (0 recommended)' is set to 'Enabled: 5 or fewer seconds'WindowsCIS Microsoft Windows 10 Enterprise v1.12.0 L1 + BL
18.4.10 Ensure 'MSS: (ScreenSaverGracePeriod) The time in seconds before the screen saver grace period expires (0 recommended)' is set to 'Enabled: 5 or fewer seconds'WindowsCIS Microsoft Windows 10 Enterprise v1.12.0 L1
18.4.10 Ensure 'MSS: (ScreenSaverGracePeriod) The time in seconds before the screen saver grace period expires (0 recommended)' is set to 'Enabled: 5 or fewer seconds'WindowsCIS Microsoft Windows 10 Enterprise v1.12.0 L1 + NG
18.8.28.3 Ensure 'Turn off app notifications on the lock screen' is set to 'Enabled'WindowsCIS Microsoft Intune for Windows 10 Release 2004 v1.0.1 L1 + BL + NG
18.8.28.3 Ensure 'Turn off app notifications on the lock screen' is set to 'Enabled'WindowsCIS Microsoft Intune for Windows 10 Release 2004 v1.0.1 L1
18.8.28.3 Ensure 'Turn off app notifications on the lock screen' is set to 'Enabled'WindowsCIS Microsoft Intune for Windows 10 Release 2004 v1.0.1 L1 + NG
18.8.28.3 Ensure 'Turn off app notifications on the lock screen' is set to 'Enabled'WindowsCIS Microsoft Intune for Windows 10 Release 2004 v1.0.1 L1 + BL
18.8.34.6.3 Ensure 'Require a password when a computer wakes (on battery)' is set to 'Enabled'WindowsCIS Microsoft Intune for Windows 10 Release 2004 v1.0.1 L1 + BL + NG
18.8.34.6.3 Ensure 'Require a password when a computer wakes (on battery)' is set to 'Enabled'WindowsCIS Microsoft Intune for Windows 10 Release 2004 v1.0.1 L1 + NG
18.8.34.6.3 Ensure 'Require a password when a computer wakes (on battery)' is set to 'Enabled'WindowsCIS Microsoft Intune for Windows 10 Release 2004 v1.0.1 L1
18.8.34.6.3 Ensure 'Require a password when a computer wakes (on battery)' is set to 'Enabled'WindowsCIS Microsoft Intune for Windows 10 Release 2004 v1.0.1 L1 + BL
18.8.34.6.4 Ensure 'Require a password when a computer wakes (plugged in)' is set to 'Enabled'WindowsCIS Microsoft Intune for Windows 10 Release 2004 v1.0.1 L1 + BL
18.8.34.6.4 Ensure 'Require a password when a computer wakes (plugged in)' is set to 'Enabled'WindowsCIS Microsoft Intune for Windows 10 Release 2004 v1.0.1 L1 + BL + NG
18.8.34.6.4 Ensure 'Require a password when a computer wakes (plugged in)' is set to 'Enabled'WindowsCIS Microsoft Intune for Windows 10 Release 2004 v1.0.1 L1 + NG
18.8.34.6.4 Ensure 'Require a password when a computer wakes (plugged in)' is set to 'Enabled'WindowsCIS Microsoft Intune for Windows 10 Release 2004 v1.0.1 L1
18.8.34.6.5 Ensure 'Require a password when a computer wakes (on battery)' is set to 'Enabled'WindowsCIS Microsoft Windows 10 Enterprise v1.12.0 L1
18.8.34.6.5 Ensure 'Require a password when a computer wakes (on battery)' is set to 'Enabled'WindowsCIS Microsoft Windows 10 Enterprise v1.12.0 L1 + NG
18.8.34.6.5 Ensure 'Require a password when a computer wakes (on battery)' is set to 'Enabled'WindowsCIS Microsoft Windows 10 Enterprise v1.12.0 L1 + BL + NG
18.8.34.6.5 Ensure 'Require a password when a computer wakes (on battery)' is set to 'Enabled'WindowsCIS Microsoft Windows 10 Enterprise v1.12.0 L1 + BL