SC-10 H M
Description

The information system terminates the network connection associated with a communications session at the end of the session or after [Assignment: organization-defined time period] of inactivity.

FedRAMP

  • H SC-10 [no longer than ten (10) minutes for privileged sessions and no longer than fifteen (15) minutes for user sessions]
  • M SC-10 [no longer than 30 minutes for RAS-based sessions or no longer than 60 minutes for non-interactive user sessions]

DISA Cloud Computing SRG

10 minutes for in-band management and 15 minutes for user sessions

Source:
DoD RMF TAG

Supplemental Guidance

This control applies to both internal and external networks. Terminating network connections associated with communications sessions includes, for example, de-allocating associated TCP/IP address/port pairs at the operating system level, or de-allocating networking assignments at the application level if multiple application sessions are using a single, operating system-level network connection. Time periods of inactivity may be established by organizations and include, for example, time periods by type of network access or for specific network accesses.

Control Enhancements: None.

References: None.