4.3: Configure Automatic Session Locking on Enterprise Assets

CSF v1.1 References:

PR.IP-1

PF v1.0 References:

PR.PO-P1

Threats Addressed:

Spoofing
Repudiation

Group:

Previous Version:

Critical Security Controls Version 7.1:
16.11: Lock Workstation Sessions After Inactivity

Control Statement

Configure automatic session locking on enterprise assets after a defined period of inactivity. For general purpose operating systems, the period must not exceed 15 minutes. For mobile end-user devices, the period must not exceed 2 minutes.

[csf.tools Note: For more information on the Critical Security Controls, visit the Center for Internet Security.]

Control Statement

Related Controls

NIST Special Publication 800-53 Revision 5

NIST Special Publication 800-171 Revision 2

NIST Special Publication 800-53 Revision 4