The system must provide users the option to manually lock their session from any resource protected by authentication.
This requirement is verified in following services
- NIST 800-53-AC-2_2. Removal of temporary or emergency accounts
- NIST 800-53-AC-2_13. Disable accounts for high-risk individuals
- MITRE ATT&CK®-M1036. Account use policies
- CMMC-AC_L2-3_1_10. Session lock
- OWASP Top 10 Privacy Risks-P8. Missing or insufficient session expiration
- OWASP SCP-4. Session management
Search for vulnerabilities in your apps for free with our automated security testing! Start your 21-day free trial and discover the benefits of our Continuous Hacking Machine Plan. If you prefer a full service that includes the expertise of our ethical hackers, don't hesitate to contact us for our Continuous Hacking Squad Plan.