Navigate

CCI-000019

CCI-000019 Definition

The organization requires that users log out in accordance with the organization-defined time period of inactivity or description of when to log out.

Status
Type	CheckType.policy

Master Assessment Datasheet

Implementation Guidance

The organization being inspected/assessed documents in the user policies that users are required to log out at the end of the users standard work period unless otherwise defined in formal organizational policy and IAW conditions defined in AC-2 (5) CCI 2133. DoD has defined the time period as at the end of the users standard work period unless otherwise defined in formal organizational policy.

Validation Procedures

The organization conducting the inspection/assessment obtains and examines the user policies to ensure that users are required to log out at the end of the users standard work period unless otherwise defined in formal organizational policy and IAW conditions defined in AC-2 (5) CCI 2133. DoD has defined the time period as at the end of the users standard work period unless otherwise defined in formal organizational policy.

Compelling Evidence

1.) Signed and dated documentation that defines the other organization-defined requirement when users are supposed to log out 2.) Audit trail

Related Controls

The controls below (if any) were marked by NIST as being related to CCI-000019.

Control	Description
AC-2 (5)	The organization requires that users log out when [Assignment: organization-defined time-period of expected inactivity or description of when to log out].