Description
The information system prevents further access to the system by initiating a session lock after [Assignment: organization-defined time period] of inactivity, and the session lock remains in effect until the user reestablishes access using appropriate identification and authentication procedures.\n
Supplemental Guidance
Users can directly initiate session lock mechanisms. A session lock is not a substitute for logging out of the information system. Organization-defined time periods of inactivity comply with federal policy; for example, in accordance with OMB Memorandum 06-16, the organization-defined time period is no greater than thirty minutes for remote access and portable devices.\n
Changes from Rev 4
Title changed from ' the control to focus on device versus session Changes parameter to selection list Amplifies how a device lock can be performed
Enhancements
(0) None.\n