On a daily basis, outside of business hours and after an appropriate period of inactivity, user sessions are terminated and workstations are restarted.
Topic
Session termination
Applicable to
all
History
Priority
should
Sep 2022
On a daily basis, outside of business hours and after an appropriate period of inactivity, user sessions are terminated and workstations are restarted.
The existing control covering restarting workstations outside of business hours, after a suitable period of inactivity, was amended to clarify that this should be occurring on a daily basis.
Mar 2022
Outside of business hours, after an appropriate period of inactivity, user sessions are automatically terminated and workstations are rebooted.
Miscellaneous changes were made to rationale and recommendations throughout the publication to clarify content without changing intent. This included a review from the Guidelines for System Hardening chapter through to the Guidelines for Data Transfers chapter.
Aug 2020
Outside of business hours, and after an appropriate period of inactivity, user sessions are terminated and workstations are rebooted.
Security control 0853 was introduced to ensure that user sessions are terminated and workstations are rebooted after a defined period of inactivity outside of business hours.
2010
Agencies should develop and implement a policy to automatically logout and shutdown workstations afteran appropriate time of inactivity.