027 – Allow session lockout

Summary

The system must provide users the option to manually lock their session from any resource protected by authentication.

Description

This control allows users to take preventive measures to secure their accounts or sensitive information, especially in situations where they anticipate leaving their workstation unattended or when there's a potential security risk.

Supported In

Advanced: True

References

• NIST80053-AC-2_2. Removal of temporary or emergency accounts
• NIST80053-AC-2_13. Disable accounts for high-risk individuals
• MITRE-M1036. Account use policies
• CMMC-AC_L2-3_1_10. Session lock
• OWASPRISKS-P8. Missing or insufficient session expiration
• OWASPSCP-4. Session management
• FISMA-AC-2_2. Removal of temporary or emergency accounts
• FISMA-AC-2_13. Disable accounts for high-risk individuals

Last updated

2024/01/18