AC-12 Session Termination
Control: The information system automatically terminates a remote session after [Assignment: organization-defined time period] of inactivity.
Supplemental Guidance: A remote session is initiated whenever an organizational information system is accessed by a user (or an information system) communicating through an external, non- organization-controlled network (e.g., the Internet).
Control Enhancements: (1) Automatic session termination applies to local and remote sessions.
Baseline: LOW Not Selected MOD AC-12 HIGH AC-12 (1)
Family: Access Control
ISO 17799 mapping: 11.3.2, 11.5.5
COBIT 4.1 mapping: None.
PCI-DSS v2 mapping: 8.5.15