Control(s)
Require that users log out when [Assignment: organization-defined time period of expected inactivity or description of when to log out].
Additional Details (Discussion)
Inactivity logout is behavior- or policy-based and requires users to take physical action to log out when they are expecting inactivity longer than the defined period. Automatic enforcement of inactivity logout is addressed by AC-11.
Related Control(s)
- AC-11.