Navigate

CCI-000059

CCI-000059 Definition

Defines the time-period of inactivity after which the system initiates a device lock.

Status
Type	CheckType.policy

Master Assessment Datasheet

Implementation Guidance

Determine if further access to the system is prevented by [AC-11_ODP[01]; one or more of the following PARAMETER VALUES is/are selected: {initiating a device lock after [AC-11_ODP[02]; time period of inactivity after which a device lock is initiated is defined (if selected)] of inactivity; requiring the user to initiate a device lock before leaving the system unattended}].

Validation Procedures

Examine: [SELECT FROM: Access control policy; procedures addressing session lock; procedures addressing identification and authentication; system design documentation; system configuration settings and associated documentation; security plan; system security plan; other relevant documents or records]. Interview: [SELECT FROM: System/network administrators; organizational personnel with information security responsibilities; system developers]. Test: [SELECT FROM: Mechanisms implementing access control policy for session lock].

Related Controls

The controls below (if any) were marked by NIST as being related to CCI-000059.

Control	Description
AC-11	a: Prevent further access to the system by [one or more of "initiating a device lock after {{ insert: param, ac-11_odp.02 }} of inactivity"/"requiring the user to initiate a device lock before leaving the system unattended"] ; and b: Retain the device lock until the user reestablishes access using established identification and authentication procedures.