4.3: Configure Automatic Session Locking on Enterprise Assets
CSF v1.1 References:
PF v1.0 References:
Threats Addressed:
Previous Version:
- Critical Security Controls Version 7.1:
- 16.11: Lock Workstation Sessions After Inactivity
Control Statement
Configure automatic session locking on enterprise assets after a defined period of inactivity. For general purpose operating systems, the period must not exceed 15 minutes. For mobile end-user devices, the period must not exceed 2 minutes.
[csf.tools Note: For more information on the Critical Security Controls, visit the Center for Internet Security.]