AC.L2-3.1.11—Session Termination
Level 2
800-171: 3.1.11
>Control Description
Terminate (automatically) a user session after a defined condition.
>Cross-Framework Mappings
>Assessment Interview Topics
Questions assessors commonly ask
Process & Governance:
- •What policies and procedures govern implementation of Session Termination?
- •Who is responsible for overseeing compliance with this requirement?
- •How do you communicate requirements to relevant personnel?
- •How often do you review and update policies related to this control?
- •What governance process ensures consistent implementation across the organization?
Technical Implementation:
- •What technologies and tools implement Session Termination?
- •How do you technically enforce this requirement?
- •What automated mechanisms support this control?
- •What logging or monitoring provides visibility into implementation?
- •How do you verify technical implementation is functioning correctly?
Evidence & Documentation:
- •What documentation demonstrates your access control policies and procedures?
- •What access control matrices or permissions documentation can you provide?
- •What access request and approval records can you show?
- •What access review documentation demonstrates periodic reviews?
- •What audit logs demonstrate access control enforcement?
- •What screenshots or configuration exports show access control settings?
Ask AI
Configure your API key to use AI features.