Navigate

CCI-000019

CCI-000019 Definition

Require that users log out in accordance with the organization-defined time-period of expected inactivity or description of when to log out.

Status
Type	CheckType.policy

Master Assessment Datasheet

Implementation Guidance

Determine if users are required to log out when [AC-02(05)_ODP; the time period of expected inactivity or description of when to log out is defined].

Validation Procedures

Examine: [SELECT FROM: Access control policy; procedures addressing account management; system design documentation; system configuration settings and associated documentation; security violation reports; system audit records; system security plan; other relevant documents or records]. Interview: [SELECT FROM: Organizational personnel with account management responsibilities; system/network administrators; organizational personnel with information security responsibilities; users that must comply with inactivity logout policy].

Related Controls

The controls below (if any) were marked by NIST as being related to CCI-000019.

Control	Description
AC-2(5)	Require that users log out when [the time period of expected inactivity or description of when to log out is defined;].