AC-11 : SESSION LOCK

FAMILY: Access Control
CLASS: Technical

Control:
The information system:
    a. Prevents further access to the system by initiating a session lock after [Assignment: organization-defined time period] of inactivity or upon receiving a request from a user; and
    b. Retains the session lock until the user reestablishes access using established identification and authentication procedures.
    
Supplemental Guidance:
A session lock is a temporary action taken when a user stops work and moves away from the immediate physical vicinity of the information system but does not want to log out because of the temporary nature of the absence. The session lock is implemented at the point where session activity can be determined. This is typically at the operating system-level, but may be at the application-level. A session lock is not a substitute for logging out of the information system, for example, if the organization requires users to log out at the end of the workday.

Control Enhancements:
(1) The information system session lock mechanism, when activated on a device with a display screen, places a publicly viewable pattern onto the associated display, hiding what was previously visible on the screen.
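
An application-level reading of parts a and b and enhancement (1), as an added example that is not part of the control text or of any product: the class name `LockableSession`, the `LOCK_PATTERN` string and the PBKDF2 password verifier are assumptions made for illustration.

```python
import hashlib
import hmac
import os
import time

LOCK_PATTERN = "*** SESSION LOCKED ***"  # assumed publicly viewable pattern


class LockableSession:
    """Hypothetical application-level session lock (not a real library's API)."""

    def __init__(self, password, idle_limit_s, clock=time.monotonic):
        self._salt = os.urandom(16)
        self._verifier = self._derive(password)
        self._idle_limit_s = idle_limit_s  # the organization-defined time period
        self._clock = clock
        self._last_activity = clock()
        self._locked = False
        self._screen = ""  # session state, kept across a lock (unlike a logout)

    def _derive(self, password):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), self._salt, 100_000)

    @property
    def locked(self):
        # (a) inactivity is checked on every access, so a stale session
        # cannot serve one more request before a background timer fires.
        if self._clock() - self._last_activity >= self._idle_limit_s:
            self._locked = True
        return self._locked

    def lock(self):
        self._locked = True  # (a) lock on user request

    def unlock(self, password):
        # (b) the lock is released only by successful re-authentication.
        ok = hmac.compare_digest(self._derive(password), self._verifier)
        if ok:
            self._locked = False
            self._last_activity = self._clock()
        return ok

    def write(self, text):
        if self.locked:
            raise PermissionError("session locked; re-authenticate first")
        self._screen = text
        self._last_activity = self._clock()

    def render(self):
        # Enhancement (1): a locked display shows the pattern, not prior content.
        return LOCK_PATTERN if self.locked else self._screen
```

Rendering does not count as activity here, so a display that refreshes itself cannot keep an unattended session unlocked.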

References: OMB Memorandum 06-16.

Priority and Baseline Allocation:
P3 | LOW: AC-11 Not Selected | MOD: AC-11 | HIGH: AC-11