Navigate

CCI-000059

CCI-000059 Definition

The organization defines the time period of inactivity after which the information system initiates a session lock.

Status
Type	CheckType.policy

Master Assessment Datasheet

Implementation Guidance

DoD has defined the time period as 15 minutes.

Validation Procedures

The organization being inspected/assessed is automatically compliant with this CCI because they are covered at the DoD level. DoD has defined the time period as 15 minutes.

Compelling Evidence

Automatically compliant

Related Controls

The controls below (if any) were marked by NIST as being related to CCI-000059.

Control	Description
AC-11	The information system: AC-11a.: Prevents further access to the system by initiating a session lock after [Assignment: organization-defined time period] of inactivity or upon receiving a request from a user; and AC-11b.: Retains the session lock until the user reestablishes access using established identification and authentication procedures.