
AC-12

Access Control · Rev 5 · system

Session Termination

Baselines: Moderate, High

Control Statement

Automatically terminate a user session after [Assignment: conditions or trigger events].

Supplemental Guidance

Session termination addresses the termination of user-initiated logical sessions (in contrast to [SC-10](#sc-10), which addresses the termination of network connections associated with communications sessions (i.e., network disconnect)). A logical session (for local, network, and remote access) is initiated whenever a user (or process acting on behalf of a user) accesses an organizational system. Such user sessions can be terminated without terminating network sessions. Session termination ends all processes associated with a user’s logical session except for those processes that are specifically created by the user (i.e., session owner) to continue after the session is terminated. Conditions or trigger events that require automatic termination of the session include organization-defined periods of user inactivity, targeted responses to certain types of incidents, or time-of-day restrictions on system use.

Related Controls (3)

MA-4, SC-10, SC-23

CCI Identifiers (3)

CCI-002361: Automatically terminate a user session after organization-defined conditions or trigger events requiring session disconnect.

CCI-002254: The organization defines the conditions or trigger events requiring session disconnect to be employed by the information system when automatically terminating a user session. (deprecated)

CCI-002360: Defines the conditions or trigger events requiring session disconnect when automatically terminating a user session.

Linked STIG Checks (165)

Across 126 STIGs.