Information Technology Reference
In-Depth Information
Category/
Subcategory/
Element
Control
Reference
Control Summary
Interpretation
AC-10
Concurrent session
control
The information system limits the
number of concurrent sessions
for any user to [assignment:
organization-defined number of
sessions].
AC-11
Session lock
The information system prevents
further access to the system by
initiating a session lock after
[assignment: organization-defined
time period] of inactivity, and the
session lock remains in effect until
the user reestablishes access using
appropriate identification and
authentication procedures.
AC-12
Session termination
The information system
automatically terminates a remote
session after [assignment:
organization-defined time period]
of inactivity.
AC-13
Supervision and
review—access
control
The organization supervises and
reviews the activities of users with
respect to the enforcement and
usage of information system
access controls.
AC-14
Permitted actions
without
identification or
authentication
The organization identifies and
documents specific user actions
that can be performed on the
information system without
identification or authentication.
AC-15
Automated marking
The information system marks
output using standard naming
conventions to identify any
special dissemination, handling,
or distribution instructions.
AC-16
Automated labeling
The information system
appropriately labels information
in storage, in process, and in
transmission.
AC-17
Remote access
The organization authorizes,
monitors, and controls all
methods of remote access to the
information system.
