CCI-000054 requires that “The information system limits the number of concurrent sessions for each organization-defined account and/or account type to an organization-defined number of sessions.”

The organization may define the maximum number of concurrent sessions for an information system account globally, by account type, by account, or a combination. This control addresses concurrent sessions for a given information system account and does not address concurrent sessions by a single user via multiple system accounts.

This Control Correlation Identifier (CCI) was published on by DISA on 2009-05-19.

This CCI is of the following type: technical

What is Control Correlation Identifier (CCI)?

The Control Correlation Identifier (CCI) provides a standard identifier and description for each of the singular, actionable statements that comprise an IA (Information Assurance) control or IA best practice. CCI bridges the gap between high-level policy expressions and low-level technical implementations. CCI allows a security requirement that is expressed in a high-level policy framework to be decomposed and explicitly associated with the low-level security setting(s) that must be assessed to determine compliance with the objectives of that specific security control. This ability to trace security requirements from their origin (e.g., regulations, IA frameworks) to their low-level implementation allows organizations to readily demonstrate compliance to multiple IA compliance frameworks. CCI also provides a means to objectively rollup and compare related compliance assessment results across disparate technologies.

Reference(s)

• NIST SP 800-53 – AC-10
• NIST SP 800-53 Revision 4 – AC-10
• NIST SP 800-53A – AC-10.1 (ii)

Source(s)

• https://public.cyber.mil/stigs/cci/
• https://www.tenable.com/audits/references/CCI