SC-10 - Network Disconnect
Control requirements
- SC-10 - 0
- The information system terminates the network connection associated with a communications session at the end of the session or after [IBM Assignment: no longer than 30 minutes for RAS-based sessions or no longer than 60 minutes for non-interactive user sessions] of inactivity.
Implementation guidance
See the resources that follow to learn more about how to implement this control.
IBM Cloud for Financial Services profile
The following rules related to this control are part of the IBM Cloud for Financial Services v1.2.0 profile in IBM Cloud® Security and Compliance Center.
- Check that sign out for active sessions is set to # seconds or less for IBM Cloud accounts
- Check whether App ID access tokens are configured to expire within # minutes
NIST supplemental guidance
This control applies to both internal and external networks. Terminating network connections associated with communications sessions includes, for example, de-allocating associated TCP/IP address/port pairs at the operating system level, or de-allocating networking assignments at the application level if multiple application sessions are using a single, operating system-level network connection. Time periods of inactivity may be established by organizations and include, for example, time periods by type of network access or for specific network accesses.
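The following is an added example, not IBM or NIST code. It sketches an idle-session reaper that applies the 30-minute and 60-minute limits from the control requirement and separates application-level termination from closing the underlying operating system connection. The class names, session kinds and sample sessions are assumptions, and socket.socketpair() stands in for real TCP connections.

```python
import socket
from dataclasses import dataclass, field

# Idle limits in seconds, taken from the SC-10 assignment on this page.
IDLE_LIMITS = {"ras": 30 * 60, "non_interactive": 60 * 60}

@dataclass
class AppSession:          # hypothetical application-level session record
    kind: str              # "ras" or "non_interactive"
    last_activity: float   # timestamp of last traffic, in seconds

@dataclass
class Connection:          # one OS-level connection, possibly shared
    sock: socket.socket
    sessions: dict = field(default_factory=dict)   # session id -> AppSession

def reap_idle(connections, now):
    """End idle sessions; close sockets that carry no remaining session.
    Returns (ended session ids, number of sockets closed)."""
    ended, closed = [], 0
    for conn in list(connections):
        for sid, sess in list(conn.sessions.items()):
            # Unknown session kinds fail closed to the strictest limit.
            limit = IDLE_LIMITS.get(sess.kind, min(IDLE_LIMITS.values()))
            if now - sess.last_activity >= limit:
                del conn.sessions[sid]      # application-level de-allocation
                ended.append(sid)
        if not conn.sessions:
            conn.sock.close()   # for TCP, releases the address/port pair
            connections.remove(conn)
            closed += 1
    return ended, closed

def demo():
    """Constructed sample: one shared connection, one single-session one."""
    a, a_peer = socket.socketpair()
    b, b_peer = socket.socketpair()
    now = 10_000.0
    shared = Connection(a, {"ras-1": AppSession("ras", now - 31 * 60),
                            "job-1": AppSession("non_interactive", now - 31 * 60)})
    single = Connection(b, {"ras-2": AppSession("ras", now - 30 * 60)})
    conns = [shared, single]
    result = reap_idle(conns, now)
    state = (a.fileno() != -1, b.fileno() == -1)   # shared open, single closed
    for s in (a, a_peer, b_peer):
        s.close()
    return result, state, len(conns)
```

In the sample, the shared connection stays open because its non-interactive session is still inside the 60-minute limit, while the connection carrying only an expired RAS session is closed.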