Display an explicit logout message when disconnecting an authenticated communications session.


CONTROL ID: 10093
CONTROL TYPE: Configuration
CLASSIFICATION: Preventive

SUPPORTING AND SUPPORTED CONTROLS

This Control directly supports the implied Control(s):
  • Configure session timeout and reauthentication settings according to organizational standards. (CC ID: 12460)

There are no implementation support Controls.


SELECTED AUTHORITY DOCUMENTS COMPLIED WITH

  • An authenticated session, together with its encryption protocol, should remain intact throughout the interaction with the customer. Else, in the event of interference, the session should be terminated and the affected transactions resolved or reversed out. The customer should be promptly notified of… (Critical components of information security g) ¶ 2 7., Guidelines on Information Security, Electronic Banking, Technology Risk Management and Cyber Frauds)
  • Displays an explicit logout message to users indicating the reliable termination of authenticated communications sessions. (AC-12(1)(b), StateRAMP Security Controls Baseline Summary High Sensitivity Level, Version 1.1)
  • Displays an explicit logout message to users indicating the reliable termination of authenticated communications sessions. (AC-12(1)(b) High Baseline Controls, FedRAMP Baseline Security Controls, 8/28/2018)
  • The "restrict guest access to application log" policy should be set correctly. Technical Mechanisms: (1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\RestrictGuestAccess (2) defined by Group Policy Parameters: (1) enabled/disabled References: CCE-299 Application Log:… (CCE-3880-2, Common Configuration Enumeration List, Combined XML: Windows 2000, 5.20130214)
  • The "restrict guest access to application log" policy should be set correctly. Technical Mechanisms: (1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\RestrictGuestAccess (2) defined by Group Policy Parameters: (1) enabled/disabled References: CCE-299 2.2.4.1.2 Restri… (CCE-3281-3, Common Configuration Enumeration List, Combined XML: Windows Server 2003, 5.20130214)
  • The information system displays an explicit logout message to users indicating the reliable termination of authenticated communications sessions. (AC-12(1)(b), Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, Deprecated, Revision 4, Deprecated)
  • Displays an explicit logout message to users indicating the reliable termination of authenticated communications sessions. (AC-12(1)(b), Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, Revision 4)
  • Display an explicit message to users indicating that the session will end in [Assignment: organization-defined time until end of session]. (AC-12(3) ¶ 1, Security and Privacy Controls for Information Systems and Organizations, NIST SP 800-53, Revision 5)
  • Display an explicit logout message to users indicating the termination of authenticated communications sessions. (AC-12(2) ¶ 1, Security and Privacy Controls for Information Systems and Organizations, NIST SP 800-53, Revision 5)
  • Display an explicit message to users indicating that the session will end in [Assignment: organization-defined time until end of session]. (AC-12(3) ¶ 1, Security and Privacy Controls for Information Systems and Organizations, NIST SP 800-53, Revision 5.1.1)
  • Display an explicit logout message to users indicating the termination of authenticated communications sessions. (AC-12(2) ¶ 1, Security and Privacy Controls for Information Systems and Organizations, NIST SP 800-53, Revision 5.1.1)