compliance controls are associated with this Policy definition 'Define and enforce the limit of concurrent sessions' (d8350d4c-9314-400b-288f-20ddfce04fbd)
| Control Domain | Control | Name | MetadataId | Category | Title | Owner | Requirements | Description | Info | Policy# |
|---|---|---|---|---|---|---|---|---|---|---|
| FedRAMP_High_R4 | AC-10 | FedRAMP_High_R4_AC-10 | FedRAMP High AC-10 | Access Control | Concurrent Session Control | Shared | n/a | The information system limits the number of concurrent sessions for each [Assignment: organization-defined account and/or account type] to [Assignment: organization-defined number]. Supplemental Guidance: Organizations may define the maximum number of concurrent sessions for information system accounts globally, by account type (e.g., privileged user, non-privileged user, domain, specific application), by account, or a combination. For example, organizations may limit the number of concurrent sessions for system administrators or individuals working in particularly sensitive domains or mission-critical applications. This control addresses concurrent sessions for information system accounts and does not address concurrent sessions by single users via multiple system accounts. Control Enhancements: None. References: None. | link | 1 |
| FedRAMP_Moderate_R4 | AC-10 | FedRAMP_Moderate_R4_AC-10 | FedRAMP Moderate AC-10 | Access Control | Concurrent Session Control | Shared | n/a | The information system limits the number of concurrent sessions for each [Assignment: organization-defined account and/or account type] to [Assignment: organization-defined number]. Supplemental Guidance: Organizations may define the maximum number of concurrent sessions for information system accounts globally, by account type (e.g., privileged user, non-privileged user, domain, specific application), by account, or a combination. For example, organizations may limit the number of concurrent sessions for system administrators or individuals working in particularly sensitive domains or mission-critical applications. This control addresses concurrent sessions for information system accounts and does not address concurrent sessions by single users via multiple system accounts. Control Enhancements: None. References: None. | link | 1 |
| hipaa | 1114.01h1Organizational.123-01.h | hipaa-1114.01h1Organizational.123-01.h | 1114.01h1Organizational.123-01.h | 11 Access Control | 1114.01h1Organizational.123-01.h 01.03 User Responsibilities | Shared | n/a | Covered or critical business information is not left unattended or available for unauthorized individuals to access, including on desks, printers, copiers, fax machines, and computer monitors. | | 2 |
| NIST_SP_800-53_R4 | AC-10 | NIST_SP_800-53_R4_AC-10 | NIST SP 800-53 Rev. 4 AC-10 | Access Control | Concurrent Session Control | Shared | n/a | The information system limits the number of concurrent sessions for each [Assignment: organization-defined account and/or account type] to [Assignment: organization-defined number]. Supplemental Guidance: Organizations may define the maximum number of concurrent sessions for information system accounts globally, by account type (e.g., privileged user, non-privileged user, domain, specific application), by account, or a combination. For example, organizations may limit the number of concurrent sessions for system administrators or individuals working in particularly sensitive domains or mission-critical applications. This control addresses concurrent sessions for information system accounts and does not address concurrent sessions by single users via multiple system accounts. Control Enhancements: None. References: None. | link | 1 |
| NIST_SP_800-53_R5 | AC-10 | NIST_SP_800-53_R5_AC-10 | NIST SP 800-53 Rev. 5 AC-10 | Access Control | Concurrent Session Control | Shared | n/a | Limit the number of concurrent sessions for each [Assignment: organization-defined account and/or account type] to [Assignment: organization-defined number]. | link | 1 |