NIST 800-171 R-3.1.11
Terminate Sessions
Official citation: 3.1.11
Class: core · Severity: medium
Statement of the obligation — verify against source
3.1.11
What it means
Automatically end a user's logical session when a defined condition is met — such as a period of inactivity, a targeted response to an incident, or a time-of-day restriction. This addresses the user session itself and the processes tied to it, which is different from disconnecting a network connection. Ending the session stops its processes except those the user deliberately set to continue.
Educational reference only — not legal advice. Consult a qualified assessor or attorney for binding compliance determinations.