AC-10: Concurrent Session Control

Control Family:

Access Control

CSF v1.1 References:

PR.AC-5

PF v1.0 References:

PR.AC-P5

Threats Addressed:

Spoofing
Lateral Movement

Baselines:

Low
N/A
Moderate
N/A
High
- AC-10
Privacy
N/A

Previous Version:

NIST Special Publication 800-53 Revision 4:
AC-10: Concurrent Session Control

Control Statement

Limit the number of concurrent sessions for each [Assignment: organization-defined account and/or account type] to [Assignment: organization-defined number].

Supplemental Guidance

Organizations may define the maximum number of concurrent sessions for system accounts globally, by account type, by account, or any combination thereof. For example, organizations may limit the number of concurrent sessions for system administrators or other individuals working in particularly sensitive domains or mission-critical applications. Concurrent session control addresses concurrent sessions for system accounts. It does not, however, address concurrent sessions by single users via multiple system accounts.

Control Statement

Supplemental Guidance

Related Controls

NIST Special Publication 800-53 Revision 5

Cloud Controls Matrix v3.0.1