Policy
Policy Name
Session Management Policy

Overview
Session management is the process of ensuring that systems and user sessions remain secure when a session is abandoned or a system is no longer in use. Examples of user sessions include workstation sessions and website sessions.

Statement
  • Mechanisms must be in place to protect and secure systems when not in use (e.g. a log-on screen "auto-lock" feature) so that the system locks after a certain period of inactivity.
  • Re-establishment of a timed-out session requires system or user re-authentication.
  • Connection pooling is authorized, but is subject to the user inactivity timeout and has a maximum duration of 24 hours.

Justification

Scope
All employees, contractors, agents and third-parties

Consequences for Noncompliance
Noncompliance with this policy can result in disciplinary action up to and including termination of employment or contract.

Topics
Access Control