last sync: 2024-Oct-11 17:51:27 UTC

Define and enforce the limit of concurrent sessions | Regulatory Compliance - Operational

Azure BuiltIn Policy definition

Source Azure Portal
Display name Define and enforce the limit of concurrent sessions
Id d8350d4c-9314-400b-288f-20ddfce04fbd
Version 1.1.0
Details on versioning
Versioning Versions supported for Versioning: 1
1.1.0
Built-in Versioning [Preview]
Category Regulatory Compliance
Microsoft Learn
Description CMA_C1050 - Define and enforce the limit of concurrent sessions
Additional metadata Name/Id: CMA_C1050 / CMA_C1050
Category: Operational
Title: Define and enforce the limit of concurrent sessions
Ownership: Customer
Description: The customer is responsible for defining and enforcing the limit of concurrent sessions for each customer-controlled account and/or account type.
Requirements: The customer is responsible for implementing this recommendation.
Mode All
Type BuiltIn
Preview False
Deprecated False
Effect Default
Manual
Allowed
Manual, Disabled
RBAC role(s) none
Rule aliases none
Rule resource types IF (1)
Microsoft.Resources/subscriptions
Compliance
The following 5 compliance controls are associated with this Policy definition 'Define and enforce the limit of concurrent sessions' (d8350d4c-9314-400b-288f-20ddfce04fbd)
Control Domain Control Name MetadataId Category Title Owner Requirements Description Info Policy#
FedRAMP_High_R4 AC-10 FedRAMP_High_R4_AC-10 FedRAMP High AC-10 Access Control Concurrent Session Control Shared n/a The information system limits the number of concurrent sessions for each [Assignment: organization-defined account and/or account type] to [Assignment: organization-defined number]. Supplemental Guidance: Organizations may define the maximum number of concurrent sessions for information system accounts globally, by account type (e.g., privileged user, non-privileged user, domain, specific application), by account, or a combination. For example, organizations may limit the number of concurrent sessions for system administrators or individuals working in particularly sensitive domains or mission-critical applications. This control addresses concurrent sessions for information system accounts and does not address concurrent sessions by single users via multiple system accounts. Control Enhancements: None. References: None. link 1
FedRAMP_Moderate_R4 AC-10 FedRAMP_Moderate_R4_AC-10 FedRAMP Moderate AC-10 Access Control Concurrent Session Control Shared n/a The information system limits the number of concurrent sessions for each [Assignment: organization-defined account and/or account type] to [Assignment: organization-defined number]. Supplemental Guidance: Organizations may define the maximum number of concurrent sessions for information system accounts globally, by account type (e.g., privileged user, non-privileged user, domain, specific application), by account, or a combination. For example, organizations may limit the number of concurrent sessions for system administrators or individuals working in particularly sensitive domains or mission-critical applications. This control addresses concurrent sessions for information system accounts and does not address concurrent sessions by single users via multiple system accounts. Control Enhancements: None. References: None. link 1
hipaa 1114.01h1Organizational.123-01.h hipaa-1114.01h1Organizational.123-01.h 1114.01h1Organizational.123-01.h 11 Access Control 1114.01h1Organizational.123-01.h 01.03 User Responsibilities Shared n/a Covered or critical business information is not left unattended or available for unauthorized individuals to access, including on desks, printers, copiers, fax machines, and computer monitors. 2
NIST_SP_800-53_R4 AC-10 NIST_SP_800-53_R4_AC-10 NIST SP 800-53 Rev. 4 AC-10 Access Control Concurrent Session Control Shared n/a The information system limits the number of concurrent sessions for each [Assignment: organization-defined account and/or account type] to [Assignment: organization-defined number]. Supplemental Guidance: Organizations may define the maximum number of concurrent sessions for information system accounts globally, by account type (e.g., privileged user, non-privileged user, domain, specific application), by account, or a combination. For example, organizations may limit the number of concurrent sessions for system administrators or individuals working in particularly sensitive domains or mission-critical applications. This control addresses concurrent sessions for information system accounts and does not address concurrent sessions by single users via multiple system accounts. Control Enhancements: None. References: None. link 1
NIST_SP_800-53_R5 AC-10 NIST_SP_800-53_R5_AC-10 NIST SP 800-53 Rev. 5 AC-10 Access Control Concurrent Session Control Shared n/a Limit the number of concurrent sessions for each [Assignment: organization-defined account and/or account type] to [Assignment: organization-defined number]. link 1
Initiatives usage
Initiative DisplayName Initiative Id Initiative Category State Type
FedRAMP High d5264498-16f4-418a-b659-fa7ef418175f Regulatory Compliance GA BuiltIn
FedRAMP Moderate e95f5a9f-57ad-4d03-bb0b-b1d16db93693 Regulatory Compliance GA BuiltIn
HITRUST/HIPAA a169a624-5599-4385-a696-c8d643089fab Regulatory Compliance GA BuiltIn
NIST SP 800-53 Rev. 4 cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f Regulatory Compliance GA BuiltIn
NIST SP 800-53 Rev. 5 179d1daa-458f-4e47-8086-2a68d0d6c38f Regulatory Compliance GA BuiltIn
History
Date/Time (UTC ymd) (i) Change type Change detail
2022-09-27 16:35:32 change Minor (1.0.0 > 1.1.0)
2022-09-19 17:41:40 add d8350d4c-9314-400b-288f-20ddfce04fbd
JSON compare
compare mode: version left: version right:
JSON
api-version=2021-06-01
EPAC