>myctrl.tools
Preferences
Under active development Content is continuously updated and improved
Compare

IAM-32Ability to Disable Remote Sessions

>Control Description

Organization has a defined process and mechanisms in place to expeditiously disable or disconnect remote access to information systems within a defined time frame based on business need.

Theme

Process

Type

Preventive

Policy/Standard

Remote Access Procedure

>Implementation Guidance

1. Ensure that the server configuration for idle-session timeout is set to 15 minutes. 2. Ensure that access credentials expiry configuration is present. 3. Ensure remote connection tools such as (VPN or Management consoles) have session expirations enabled.

>Testing Procedure

1. Inspect the server configuration showing that idle-session timeout is set to 15 minutes. 2. Validate that access credentials expiry configuration is present. 3. Inspect that remote connection tools such as (VPN or Management consoles) have session expirations enabled.

>Audit Artifacts

E-IAM-44
E-IAM-45
E-IAM-46

>Framework Mappings

Cross-framework mappings provided by Adobe CCF Open Source under Creative Commons License.

CIS Controls
1

13.5

PCI DSS
1

12.2.1

Ask AI

Configure your API key to use AI features.