Access Control (AC)
Notify the user, upon successful logon, of the following additional information: [Assignment: organization-defined additional information].
Access Control (AC)
Level N/A
Limit the number of concurrent sessions for each [Assignment: organization-defined account and/or account type] to [Assignment: organization-defined number].
Access Control (AC)
Level N/A
a. Prevent further access to the system by [Selection (one or more): initiating a device lock after [Assignment: organization-defined time period] of inactivity; requiring the user to initiate a device lock before leaving the system unattended]; and b. Retain the device lock until the user reestablishes access using established identification and authentication procedures.
Access Control (AC)
Level N/A
Conceal, via the device lock, information previously visible on the display with a publicly viewable image.
Access Control (AC)
Level N/A
Automatically terminate a user session after [Assignment: organization-defined conditions or trigger events requiring session disconnect].
Access Control (AC)
Provide a logout capability for user-initiated communications sessions whenever authentication is used to gain access to [Assignment: organization-defined information resources].
Access Control (AC)
Display an explicit logout message to users indicating the termination of authenticated communications sessions.
Access Control (AC)
Display an explicit message to users indicating that the session will end in [Assignment: organization-defined time until end of session].
Access Control (AC)
[Withdrawn: Incorporated into SI-4.]
Access Control (AC)
a. Identify [Assignment: organization-defined user actions] that can be performed on the system without identification or authentication consistent with organizational mission and business functions; and b. Document and provide supporting rationale in the security plan for the system, user actions not requiring identification or authentication.
