AC-02(05)—Account Management | Inactivity Logout
Moderate
>Control Description
Require that users log out when ⚙organization-defined time period of expected inactivity or description of when to log out.
>Discussion
Inactivity logout is behavior- or policy-based and requires users to take physical action to log out when they are expecting inactivity longer than the defined period. Automatic enforcement of inactivity logout is addressed by AC-11.
>Cross-Framework Mappings
Ask AI
Configure your API key to use AI features.