National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

NIST Special Publication 800-53 (Rev. 4)

Security Controls and Assessment Procedures for Federal Information Systems and Organizations

AC-10 CONCURRENT SESSION CONTROL

Family:
AC - ACCESS CONTROL
Class:
Priority:
P3 - Implement P3 security controls after implementation of P1 and P2 controls.
Baseline Allocation:
Low Moderate High
N/A N/A AC-10

Control Description

The information system limits the number of concurrent sessions for each [Assignment: organization-defined account and/or account type] to [Assignment: organization-defined number].

Supplemental Guidance

Organizations may define the maximum number of concurrent sessions for information system accounts globally, by account type (e.g., privileged user, non-privileged user, domain, specific application), by account, or a combination. For example, organizations may limit the number of concurrent sessions for system administrators or individuals working in particularly sensitive domains or mission-critical applications. This control addresses concurrent sessions for information system accounts and does not address concurrent sessions by single users via multiple system accounts.

Related to:

Control Enhancements

None.

References

None.