STIGs RMF Controls Compare

STIGhub

A free tool to search and browse the entire DISA STIG library. Saves up to 75% in security compliance research time.

Navigation

Browse STIGs
Search
RMF Controls
Compare Versions

Resources

About
Release Notes
VPAT
DISA STIG Library

STIGs updated 2 hours ago

Powered by Pylon

© 2026 Beacon Cloud Solutions, Inc. All rights reserved.

← AC-12 (1) — Session Termination

CCI-002363

Definition

Provide a logout capability for user-initiated communications sessions whenever authentication is used to gain access to organization-defined information resources.

Parent Control

AC-12 (1)Session TerminationAccess Control

Linked STIG Checks (22)

V-205056CAT IIThe ALG providing user access control intermediary services must provide a logoff capability for user-initiated communications sessions.Application Layer Gateway Security Requirements Guide V-222391CAT IIApplications requiring user access authentication must provide a logoff capability for user initiated communication session.Application Security and Development Security Technical Implementation Guide V-204778CAT IIThe application server management interface must provide a logout capability for user-initiated communication session.Application Server Security Requirements Guide V-237421CAT IIThe CA API Gateway providing user access control intermediary services must provide a logoff capability for user-initiated communications sessions.CA API Gateway ALG Security Technical Implementation Guide V-251632CAT IICA IDMS CV must supply logout functionality to allow the user to implicitly terminate a session initiated by the terminal user.CA IDMS Security Technical Implementation Guide V-251633CAT IICA IDMS CV must supply logout functionality to allow the user to implicitly terminate a session by disconnecting or ending before an explicit logout.CA IDMS Security Technical Implementation Guide V-251634CAT IICA IDMS CV must supply logout functionality to allow the user to implicitly terminate an external run-unit when a database request has not been made in an organizationally prescribed time frame.CA IDMS Security Technical Implementation Guide V-251635CAT IICA IDMS CV must supply logout functionality to allow the user to implicitly terminate a batch external request unit when the batch job abnormally terminates.CA IDMS Security Technical Implementation Guide V-221923CAT IIThe Central Log Server must provide a logout capability for user initiated communication session.Central Log Server Security Requirements Guide V-206581CAT IIThe DBMS must provide logout functionality to allow the user to manually terminate a session initiated by that user.Database Security Requirements Guide V-259983CAT IIThe Enterprise Voice, Video, and Messaging Endpoint must provide a logout capability for user-initiated communications sessions.Enterprise Voice, Video, and Messaging Endpoint Security Requirements Guide V-260042CAT IIThe Enterprise Voice, Video, and Messaging Session Manager requiring user access authentication must provide a logout capability for user-initiated communications sessions.Enterprise Voice, Video, and Messaging Session Management Security Requirements Guide V-203684CAT IIThe operating system must provide a logoff capability for user-initiated communications sessions when requiring user access authentication.General Purpose Operating System Security Requirements Guide V-217458CAT IINetwork devices must provide a logoff capability for administrator-initiated communication sessions.HP FlexFabric Switch NDM Security Technical Implementation Guide V-65123CAT IIThe DataPower Gateway must provide a logout capability for administrator-initiated communication sessions.IBM DataPower Network Device Management Security Technical Implementation Guide V-205536CAT IIMainframe Products requiring user access authentication must provide a logoff capability for a user-initiated communication session.Mainframe Product Security Requirements Guide V-253718CAT IIMariaDB must provide logout functionality to allow the user to manually terminate a session initiated by that user.MariaDB Enterprise 10.x Security Technical Implementation Guide V-202085CAT IIThe network device must be configured to provide a logout mechanism for administrator-initiated communication sessions.Network Device Management Security Requirements Guide V-270497CAT IIOracle Database must automatically terminate a user session after organization-defined conditions or trigger events requiring session disconnect.Oracle Database 19c Security Technical Implementation Guide V-234443CAT IIThe UEM server must provide logout capability for user-initiated communication sessions.Unified Endpoint Management Server Security Requirements Guide V-207433CAT IIVMMs requiring user access authentication must provide a logout capability for user-initiated communications sessions.Virtual Machine Manager Security Requirements Guide V-207254CAT IIThe VPN Client logout function must be configured to terminate the session on/with the VPN Gateway.Virtual Private Network (VPN) Security Requirements Guide