800-53|AC-12

Title

SESSION TERMINATION

Description

The information system automatically terminates a user session after [Assignment: organization-defined conditions or trigger events requiring session disconnect].

Supplemental

This control addresses the termination of user-initiated logical sessions in contrast to SC-10 which addresses the termination of network connections that are associated with communications sessions (i.e., network disconnect). A logical session (for local, network, and remote access) is initiated whenever a user (or process acting on behalf of a user) accesses an organizational information system. Such user sessions can be terminated (and thus terminate user access) without terminating network sessions. Session termination terminates all processes associated with a user's logical session except those processes that are specifically created by the user (i.e., session owner) to continue after the session is terminated. Conditions or trigger events requiring automatic session termination can include, for example, organization-defined periods of user inactivity, targeted responses to certain types of incidents, time-of-day restrictions on information system use.

Reference Item Details

Related: SC-10,SC-23

Category: ACCESS CONTROL

Family: ACCESS CONTROL

Priority: P2

Baseline Impact: MODERATE,HIGH

Audit Items

| Name | Plugin | Audit Name |
| --- | --- | --- |
| 1.1.3.11.17 Configure 'Network security: Force logoff when logon hours expire' | Windows | CIS Windows 8 L1 v1.0.0 |
| 1.1.8 Session Management | ArubaOS | CIS HPE Aruba Networking CX Switch v1.0.1 Optional Security Recommendations |
| 1.1.8 Session Management | ArubaOS | CIS HPE Aruba Networking CX Switch v1.0.1 L1 |
| 1.2.4 - /etc/security/login.cfg - 'logintimeout <= 30' | Unix | CIS AIX 5.3/6.1 L1 v1.1.0 |
| 1.2.6 Set 'exec-timeout' to less than or equal to 10 minutes for 'line aux 0' | Cisco | CIS Cisco IOS XE 17.x v2.2.1 L1 |
| 1.2.6 Set 'exec-timeout' to less than or equal to 10 minutes for 'line aux 0' | Cisco | CIS Cisco IOS 12 L1 v4.0.0 |
| 1.2.6 Set 'exec-timeout' to less than or equal to 10 minutes for 'line aux 0' | Cisco | CIS Cisco IOS XE 16.x v2.2.0 L1 |
| 1.2.7 Set 'exec-timeout' to less than or equal to 10 minutes 'line console 0' | Cisco | CIS Cisco IOS XE 16.x v2.2.0 L1 |
| 1.2.7 Set 'exec-timeout' to less than or equal to 10 minutes 'line console 0' | Cisco | CIS Cisco IOS XE 17.x v2.2.1 L1 |
| 1.2.7 Set 'exec-timeout' to less than or equal to 10 minutes 'line console 0' | Cisco | CIS Cisco IOS 12 L1 v4.0.0 |
| 1.2.8 Set 'exec-timeout' less than or equal to 10 minutes 'line tty' | Cisco | CIS Cisco IOS 12 L1 v4.0.0 |
| 1.2.8 Set 'exec-timeout' to less than or equal to 10 minutes 'line vty' | Cisco | CIS Cisco IOS XE 17.x v2.2.1 L1 |
| 1.2.8 Set 'exec-timeout' to less than or equal to 10 minutes 'line vty' | Cisco | CIS Cisco IOS XE 16.x v2.2.0 L1 |
| 1.2.9 Set 'exec-timeout' to less than or equal to 10 minutes 'line vty' | Cisco | CIS Cisco IOS 12 L1 v4.0.0 |
| 1.2.9 Set 'transport input none' for 'line aux 0' | Cisco | CIS Cisco IOS XE 16.x v2.2.0 L1 |
| 1.2.11 Set 'exec-timeout' to less than or equal to 10 min on 'ip http' | Cisco | CIS Cisco IOS XE 16.x v2.2.0 L1 |
| 1.3 O19C-00-000300 | OracleDB | CIS Oracle Database 19c STIG v1.1.0 CAT II OracleDB |
| 1.3.2 (L2) Ensure 'Idle session timeout' is set to '3 hours (or less)' for unmanaged devices | microsoft_azure | CIS Microsoft 365 Foundations v6.0.1 L2 E3 |
| 1.3.2 (L2) Ensure 'Idle session timeout' is set to '3 hours (or less)' for unmanaged devices | microsoft_azure | CIS Microsoft 365 Foundations v6.0.1 L2 E5 |
| 1.4.1 Ensure 'Idle timeout' is less than or equal to 10 minutes for device management | Palo_Alto | CIS Palo Alto Firewall 7 Benchmark L1 v1.0.0 |
| 1.4.1 Ensure 'Idle timeout' is less than or equal to 10 minutes for device management | Palo_Alto | CIS Palo Alto Firewall 11 v1.2.0 L1 |
| 1.4.1 Ensure 'Idle timeout' is less than or equal to 10 minutes for device management | Palo_Alto | CIS Palo Alto Firewall 10 v1.3.0 L1 |
| 1.4.1 Ensure 'Idle timeout' is less than or equal to 10 minutes for device management | Palo_Alto | CIS Palo Alto Firewall 6 Benchmark L1 v1.0.0 |
| 1.4.1 Ensure 'Idle timeout' is less than or equal to 10 minutes for device management | Palo_Alto | CIS Palo Alto Firewall 9 v1.1.0 L1 |
| 1.4.2 Ensure 'Failed Attempts' and 'Lockout Time' for Authentication Profile are properly configured | Palo_Alto | CIS Palo Alto Firewall 10 v1.3.0 L1 |
| 1.4.2 Ensure 'Failed Attempts' and 'Lockout Time' for Authentication Profile are properly configured | Palo_Alto | CIS Palo Alto Firewall 11 v1.2.0 L1 |
| 1.12 Ensure 'Smart Lock' is set to 'Disabled' | MDM | AirWatch - CIS Google Android v1.6.0 L2 |
| 1.12 Ensure 'Smart Lock' is set to 'Disabled' | MDM | MobileIron - CIS Google Android v1.6.0 L2 |
| 1.13 VCEM-80-000070 | Unix | CIS VMware vSphere 8.0 vCenter Appliance ESX Agent Manager EAM STIG v1.0.0 CAT II |
| 1.13 VCPF-80-000070 | Unix | CIS VMware vSphere 8.0 vCenter Appliance Perfcharts STIG v1.0.0 CAT II |
| 1.13 VCST-80-000070 | Unix | CIS VMware vSphere 8.0 vCenter Appliance Secure Token Service STS STIG v1.0.0 CAT II |
| 1.13 VCUI-80-000070 | Unix | CIS VMware vSphere 8.0 vCenter Appliance User Interface UI STIG v1.0.0 CAT II |
| 1.14 VCLU-80-000070 | Unix | CIS VMware vSphere 8.0 vCenter Appliance Lookup Service STIG v1.0.0 CAT II |
| 1.17 VCSA-80-000089 | VMware | CIS VMware vSphere 8.0 vCenter STIG v1.0.0 CAT II |
| 1.19 IBMW-LS-000720 | Unix | CIS IBM WebSphere Liberty Server STIG v1.0.0 CAT II |
| 1.26 APPL-14-000120 | Unix | CIS Apple macOS 14 Sonoma STIG v1.0.0 CAT II |
| 1.26 SLES-15-010280 | Unix | CIS SUSE Linux Enterprise Server 15 STIG v1.0.0 CAT II |
| 1.27 APPL-14-000130 | Unix | CIS Apple macOS 14 Sonoma STIG v1.0.0 CAT II |
| 1.29 APPL-14-000160 | Unix | CIS Apple macOS 14 Sonoma STIG v1.0.0 CAT II |
| 1.29 SLES-15-010320 | Unix | CIS SUSE Linux Enterprise Server 15 STIG v1.0.0 CAT II |
| 1.31 OL08-00-010200 | Unix | CIS Oracle Linux 8 STIG v1.0.0 CAT II |
| 1.32 OL08-00-010201 | Unix | CIS Oracle Linux 8 STIG v1.0.0 CAT II |
| 1.37 UBTU-24-200060 | Unix | CIS Ubuntu Linux 24.04 LTS STIG v1.0.0 CAT II |
| 1.40 PHTN-40-000093 | Unix | CIS VMware vSphere 8.0 vCenter Appliance Photon OS 4.0 STIG v1.0.0 CAT II |
| 1.52 EX19-MB-000158 | Windows | CIS Microsoft Exchange 2019 Mailbox Server STIG v1.0.0 CAT III |
| 1.162 WN22-DC-000160 | Windows | CIS Microsoft Windows Server 2022 STIG v3.0.0 DC CAT III |
| 1.221 RHEL-09-255095 | Unix | CIS Red Hat Enterprise Linux 9 STIG v1.0.0 CAT II |
| 1.222 RHEL-09-255100 | Unix | CIS Red Hat Enterprise Linux 9 STIG v1.0.0 CAT II |
| 1.338 RHEL-10-700660 | Unix | CIS Red Hat Enterprise Linux 10 STIG v1.0.0 CAT II |
| 1.364 RHEL-10-700930 | Unix | CIS Red Hat Enterprise Linux 10 STIG v1.0.0 CAT II |