AC-12: Session Termination

From NIST's SP800-53:

Automatically terminate a user session after [Assignment: organization-defined conditions or trigger events requiring session disconnect].

Cyber Threat Graph Context

Explore how this control relates to the wider threat graph

SP800-53 Control Mapped to NIST Cyber Security Framework

Generated from NISTs SP800-53/CSF Crosswalk mappings.

Control ID Description
PR.AC-7 Users, devices, and other assets are authenticated (e.g., single-factor, multi-factor) commensurate with the risk of the transaction (e.g., individuals’ security and privacy risks and other organizational risks)

MITRE ATT&CK Techniques

See which MITRE ATT&CK techniques this control helps to protect against.

ATT&CK ID Title Associated Tactics
T1185 Browser Session Hijacking Collection
T1072 Software Deployment Tools Execution, Lateral Movement
T1021.001 Remote Desktop Protocol Lateral Movement
T1505.005 Terminal Services DLL Persistence
T1563.002 RDP Hijacking Lateral Movement