SC-10 Network Disconnect

System and Communications Protection

Low Moderate High

Description

The information system terminates a network connection at the end of a session or after [Assignment: organization-defined time period] of inactivity.

Supplemental Guidance

The organization applies this control within the context of risk management that considers specific mission or operational requirements.

Enhancements

(0) None.

MITRE ATT&CK Techniques (5)

ATT&CK v16.1

Techniques mitigated by this control, mapped via CTID.

Command & Control 5

Command & Control

T1071 Application Layer Protocol T1071.001 Web Protocols T1071.002 File Transfer Protocols T1071.003 Mail Protocols T1071.004 DNS

Compliance Mappings

ANSSI

Hygiene.12SecNumCloud.10.6

FINMA Circular 2023/1

IV.B.d(59)IV.C(61)

OSFI B-13

B-13.3.2

EU GDPR

Art.32(1)(b)

EU DORA

Art.9(4)(c)

RBI CSF

Annex1.8

HKMA TM-E-1

TME1.8.4

SAMA CSF

3.8

NCA ECC

2-5

UAE IA

CBB TM

TM-8

Qatar NIA

BCBS 239

Principle 5

FFIEC IS

II.C.15(c)II.C.6II.C.9

HIPAA Security Rule

§164.312(a)(2)(iii)

EBA ICT Guidelines

3.4.2

BOT Cyber Resilience

Ch2.4

CMMC 2.0

IEEE 1686-2022

5.8

Common Criteria

CC Part 2 — FRU/FTA/FTP

HITRUST CSF v11

01.b

FDA 21 CFR Part 11

§11.200(a)(1)(i)

ISO 27799

9.5

ISO 17799 (legacy)

11.5.6

COBIT 4.1 (legacy)

None.