AC-11 Session Lock
Control: The information system prevents further access to the system by initiating a session lock after [Assignment: organization-defined time period] of inactivity, and the session lock remains in effect until the user reestablishes access using appropriate identification and authentication procedures.
Supplemental Guidance: Users can directly initiate session lock mechanisms. A session lock is not a substitute for logging out of the information system. Organization-defined time periods of inactivity comply with federal policy; for example, in accordance with OMB Memorandum 06-16, the organization-defined time period is no greater than thirty minutes for remote access and portable devices.
Control Enhancements: (0) None.
Baseline: LOW Not Selected MOD AC-11 HIGH AC-11
Family: Access Control
ISO 17799 mapping: 11.3.2
COBIT 4.1 mapping: None.
PCI-DSS v2 mapping: 8.5.14