AC.L2-3.1.10 Session Lock

Control Description

Use session lock with pattern-hiding displays to prevent access and viewing of data after a period of inactivity.

Assessment Interview Topics

Questions assessors commonly ask

Process & Governance:

  • What is your organization's policy for session lock timeout periods?
  • How do you determine appropriate inactivity timeouts for different system types?
  • What governance ensures session lock settings are consistently applied?

Technical Implementation:

  • What mechanisms implement automatic session lock (screensavers, OS settings)?
  • How is session lock technically configured and enforced across all endpoints?
  • What technologies hide screen content during session lock?
  • How do you verify session lock settings are properly configured?
  • What tools ensure users cannot disable session lock?

Evidence & Documentation:

  • What documentation demonstrates your access control policies and procedures?
  • What access control matrices or permissions documentation can you provide?
  • What access request and approval records can you show?
  • What access review documentation demonstrates periodic reviews?
  • What audit logs demonstrate access control enforcement?
  • What screenshots or configuration exports show access control settings?
