AC-02.5: Inactivity Logout

AC-02.5 · Inactivity Logout

Control Description

Require that users log out when {{ insert: param, ac-02.05_odp }}.

Impact Baselines

Security baselines where this control applies

Not in any baseline

Control Properties

SP800-53-enhancement

organization

Enhancement

Control Statement

The control requirements

Require that users log out when {{ insert: param, ac-02.05_odp }}.

Supplemental Guidance

Inactivity logout is behavior- or policy-based and requires users to take physical action to log out when they are expecting inactivity longer than the defined period. Automatic enforcement of inactivity logout is addressed by [AC-11](#ac-11).

Related NIST Controls

Other NIST 800-53 controls related to this one

AC-11