STIGViewer Trial workspace — loading your subscription…

NIST 800-171 v2

110 security requirements available

3.1.11Derived Requirement

Access Control

Security Requirement

Terminate (automatically) a user session after a defined condition.

Discussion

This requirement addresses the termination of user-initiated logical sessions in contrast to the termination of network connections that are associated with communications sessions (i.e., disconnecting from the network). A logical session (for local, network, and remote access) is initiated whenever a user (or process acting on behalf of a user) accesses an organizational system. Such user sessions can be terminated (and thus terminate user access) without terminating network sessions. Session termination terminates all processes associated with a user’s logical session except those processes that are specifically created by the user (i.e., session owner) to continue after the session is terminated. Conditions or trigger events requiring automatic session termination can include organization-defined periods of user inactivity, targeted responses to certain types of incidents, and time-of-day restrictions on system use

Framework
NIST SP 800-171 Rev 2
Family
Access Control
Requirement Type
derived

Related Frameworks

4 paths across 2 frameworks
NIST 800-531 mapping
AC-12
1.00
  • NIST · Rev 2 (Feb 2020, errata Jan 2021) · nist_800_171_app_d · equivalent
CCI3 mappings
CCI-002254
1.00
  • NIST · Rev 2 (Feb 2020, errata Jan 2021) · nist_800_171_app_d · equivalent
  • DISA · 2025-01-23 · disa_cci_list · equivalent
CCI-002360
1.00
  • NIST · Rev 2 (Feb 2020, errata Jan 2021) · nist_800_171_app_d · equivalent
  • DISA · 2025-01-23 · disa_cci_list · equivalent
CCI-002361
1.00
  • NIST · Rev 2 (Feb 2020, errata Jan 2021) · nist_800_171_app_d · equivalent
  • DISA · 2025-01-23 · disa_cci_list · equivalent

Related STIGs

61 STIGs reach this control through 8 CCIs via 800-53 control AC-12. Expand a row to see the responsible NICE and O*NET roles.

Operating System — Desktop

3 STIGs

Operating System — Server

5 STIGs

Operating System — Mainframe

5 STIGs
CA IDMS Security Technical Implementation Guide
V2R12024-09-138 of 74 findings match
Mainframe Product Security Requirements Guide
V3R42025-09-103 of 194 findings match
IBM z/OS ACF2 Security Technical Implementation Guide
V9R82026-03-091 of 225 findings match
IBM z/OS RACF Security Technical Implementation Guide
V9R82026-03-091 of 222 findings match
IBM z/OS TSS Security Technical Implementation Guide
V9R82026-03-091 of 230 findings match

Network Device

11 STIGs

Database

11 STIGs
Database Security Requirements Guide
V4R52026-02-262 of 142 findings match
Show 3 more STIGs in this category →

Web / Application Server

11 STIGs

Virtualization / Container

6 STIGs

Endpoint Security Management

9 STIGs
Central Log Server Security Requirements Guide
V3R42026-02-123 of 127 findings match
Show 1 more STIG in this category →
Tanium 7.x Security Technical Implementation Guide
V2R32025-05-141 of 98 findings match