SC.L2-3.13.9—Connections Termination
Level 2
800-171: 3.13.9
>Control Description
Terminate network connections associated with communications sessions at the end of the sessions or after a defined period of inactivity.
>Cross-Framework Mappings
>Assessment Interview Topics
Questions assessors commonly ask
Process & Governance:
- •What is your policy for session termination?
- •How do you determine appropriate session timeout values?
- •What is your process for implementing session termination controls?
- •How do you balance security with user productivity for session timeouts?
Technical Implementation:
- •What mechanisms terminate idle network sessions?
- •What timeout values are configured for session termination?
- •What application and network layer controls enforce session termination?
- •What logging captures session termination events?
- •What technologies detect and terminate inactive sessions?
Evidence & Documentation:
- •What network diagrams show boundary protection architecture?
- •What firewall rule sets and configurations can you provide?
- •What encryption implementation documentation shows FIPS-validated crypto?
- •What key management procedures can you provide?
- •What network segmentation documentation shows proper separation?
- •What evidence shows cryptographic mechanisms protect CUI?
- •What configuration documentation shows security controls are properly implemented?
Ask AI
Configure your API key to use AI features.