| Control Domain | Control | Name | MetadataId | Category | Title | Owner | Requirements | Description | Info | Policy# |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| FedRAMP_High_R4 | SC-10 | FedRAMP_High_R4_SC-10 | FedRAMP High SC-10 | System And Communications Protection | Network Disconnect | Shared | n/a | The information system terminates the network connection associated with a communications session at the end of the session or after [Assignment: organization-defined time period] of inactivity. Supplemental Guidance: This control applies to both internal and external networks. Terminating network connections associated with communications sessions include, for example, de-allocating associated TCP/IP address/port pairs at the operating system level, or de-allocating networking assignments at the application level if multiple application sessions are using a single, operating system-level network connection. Time periods of inactivity may be established by organizations and include, for example, time periods by type of network access or for specific network accesses. Control Enhancements: None. References: None. | link | 1 |
| FedRAMP_Moderate_R4 | SC-10 | FedRAMP_Moderate_R4_SC-10 | FedRAMP Moderate SC-10 | System And Communications Protection | Network Disconnect | Shared | n/a | The information system terminates the network connection associated with a communications session at the end of the session or after [Assignment: organization-defined time period] of inactivity. Supplemental Guidance: This control applies to both internal and external networks. Terminating network connections associated with communications sessions include, for example, de-allocating associated TCP/IP address/port pairs at the operating system level, or de-allocating networking assignments at the application level if multiple application sessions are using a single, operating system-level network connection. Time periods of inactivity may be established by organizations and include, for example, time periods by type of network access or for specific network accesses. Control Enhancements: None. References: None. | link | 1 |
| hipaa | 11126.01t1Organizational.12-01.t | hipaa-11126.01t1Organizational.12-01.t | 11126.01t1Organizational.12-01.t | 11 Access Control | 11126.01t1Organizational.12-01.t 01.05 Operating System Access Control | Shared | n/a | A time-out mechanism (e.g., a screen saver) pauses the session screen after 15 minutes of inactivity, closes network sessions after 30 minutes of inactivity, and requires the user to reestablish authenticated access once the session has been paused or closed; or, if the system cannot be modified, a limited form of time-out that clears the screen but does not close down the application or network sessions is used. | | 1 |
| ISO27001-2013 | A.13.1.1 | ISO27001-2013_A.13.1.1 | ISO 27001:2013 A.13.1.1 | Communications Security | Network controls | Shared | n/a | Networks shall be managed and controlled to protect information in systems and applications. | link | 40 |
| NIST_SP_800-171_R2 | 3.13.9 | NIST_SP_800-171_R2_3.13.9 | NIST SP 800-171 R2 3.13.9 | System and Communications Protection | Terminate network connections associated with communications sessions at the end of the sessions or after a defined period of inactivity. | Shared | Microsoft and the customer share responsibilities for implementing this requirement. | This requirement applies to internal and external networks. Terminating network connections associated with communications sessions include de-allocating associated TCP/IP address or port pairs at the operating system level, or de-allocating networking assignments at the application level if multiple application sessions are using a single, operating system-level network connection. Time periods of user inactivity may be established by organizations and include time periods by type of network access or for specific network accesses. | link | 1 |
| NIST_SP_800-53_R4 | SC-10 | NIST_SP_800-53_R4_SC-10 | NIST SP 800-53 Rev. 4 SC-10 | System And Communications Protection | Network Disconnect | Shared | n/a | The information system terminates the network connection associated with a communications session at the end of the session or after [Assignment: organization-defined time period] of inactivity. Supplemental Guidance: This control applies to both internal and external networks. Terminating network connections associated with communications sessions include, for example, de-allocating associated TCP/IP address/port pairs at the operating system level, or de-allocating networking assignments at the application level if multiple application sessions are using a single, operating system-level network connection. Time periods of inactivity may be established by organizations and include, for example, time periods by type of network access or for specific network accesses. Control Enhancements: None. References: None. | link | 1 |
| NIST_SP_800-53_R5 | SC-10 | NIST_SP_800-53_R5_SC-10 | NIST SP 800-53 Rev. 5 SC-10 | System and Communications Protection | Network Disconnect | Shared | n/a | Terminate the network connection associated with a communications session at the end of the session or after [Assignment: organization-defined time period] of inactivity. | link | 1 |
| SWIFT_CSCF_v2022 | 2.6 | SWIFT_CSCF_v2022_2.6 | SWIFT CSCF v2022 2.6 | 2. Reduce Attack Surface and Vulnerabilities | Protect the confidentiality and integrity of interactive operator sessions that connect to the local or remote (operated by a service provider) SWIFT infrastructure or service provider SWIFT-related applications | Shared | n/a | The confidentiality and integrity of interactive operator sessions that connect to service provider SWIFT-related applications or into the secure zone are safeguarded. | link | 17 |