SC-10 H M

The information system terminates the network connection associated with a communications session at the end of the session or after [Assignment: organization-defined time period] of inactivity.

  • H SC-10 [no longer than ten (10) minutes for privileged sessions and no longer than fifteen (15) minutes for user sessions]
  • M SC-10 [no longer than 30 minutes for RAS-based sessions or no longer than 60 minutes for non-interactive user sessions]
DISA Cloud Computing SRG

10 minutes in band management and 15 minutes for user sessions


Supplemental Guidance

This control applies to both internal and external networks. Terminating network connections associated with communications sessions include, for example, de-allocating associated TCP/IP address/port pairs at the operating system level, or de-allocating networking assignments at the application level if multiple application sessions are using a single, operating system-level network connection. Time periods of inactivity may be established by organizations and include, for example, time periods by type of network access or for specific network accesses.
Control Enhancements: None.

References: None.