>myctrl.tools
Preferences
Under active development Content is continuously updated and improved
Compare

IAM-16Session Timeout

>Control Description

Information systems are configured to terminate inactive sessions after 15 minutes or when the user terminates the session.

Theme

Technology

Type

Preventive

Policy/Standard

Access Management Procedure

>Implementation Guidance

1. Ensure that information systems are configured to terminate inactive sessions after 15 minutes or when the user terminates the session.

>Testing Procedure

1. Inspect Organization's Logical Access Account Standard to determine whether the requirements for access reviews were defined. 2. Inspect the server samples from the service team. 3. Select the sample from the listing and inspect session timeout configuration

>Audit Artifacts

E-IAM-01
E-IAM-23

>Framework Mappings

Cross-framework mappings provided by Adobe CCF Open Source under Creative Commons License.

CIS Controls
1

4.3

FedRAMP Rev 5
5

MA-04
AC-11
AC-12
SC-10
SC-23

PCI DSS
1

8.2.8

HIPAA Security Rule
1

164.312(a)(2)(iii)

Cyber Essentials
1

SC

BSI C5
1

PSS-06

TX-RAMP
5

AC-11
AC-12
MA-4
SC-10
SC-23

Ask AI

Configure your API key to use AI features.