IAM-17—Session Limit
>Control Description
Information systems are configured to limit concurrent login sessions and the inactive user interface is not displayed when the session is terminated.
Theme
Technology
Type
Preventive
Policy/Standard
Access Management Procedure>Implementation Guidance
1. Ensure that the systems are configured to limit concurrent login sessions. 2. Ensure that inactive user interface is not displayed when the session is terminated.
>Testing Procedure
1. Inspect Organization's access control policy to check clauses pertaining to limited concurrent login sessions and the inactive user interface is not displayed when the session is terminated are clearly defined. 2. Check logical access systems to ensure the effectiveness for the same.
>Audit Artifacts
E-IAM-24
E-IAM-25
>Framework Mappings
Cross-framework mappings provided by Adobe CCF Open Source under Creative Commons License.
Ask AI
Configure your API key to use AI features.