Expert Advice Community

Time out and timed session

Guest user Created:   Jan 12, 2016 Last commented:   Jan 12, 2016

I was wondering if you could clear up a question for me. I have a client that says that, for the users of their cloud-based application, they need both an inactivity time-out and a timed session time-out to be compliant. Can you shed any light on this, as it's hard to determine what is actually required as opposed to recommended?
AntonioS Jan 12, 2016

 

Answer:

These terms are not used in the current ISO 27001:2013. They were used in ISO 27001:2005 (but focused on operating systems), in controls A.11.5.5 Session time-out (shut down inactive sessions after a defined time) and A.11.5.6 Limitation of connection time (shut down the connection after a defined time in high-risk applications), so we can think that they are now not mandatory. Anyway, if your client has implemented both controls, I think that the best thing is to maintain them.

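What enforcing both controls looks like on the server side, as an added example that is not part of the original thread: the idle timeout plays the role of A.11.5.5 and the absolute lifetime that of A.11.5.6. The class and method names and the 15-minute and 8-hour values are assumptions chosen for illustration, not requirements taken from the standard.

```python
import secrets
from dataclasses import dataclass

IDLE_TIMEOUT = 15 * 60            # assumed value: seconds of inactivity allowed
ABSOLUTE_LIFETIME = 8 * 60 * 60   # assumed value: maximum session age in seconds


@dataclass
class Session:
    user: str
    created_at: float
    last_seen: float


class SessionStore:
    """Hypothetical server-side session table checking both limits per request."""

    def __init__(self, idle=IDLE_TIMEOUT, lifetime=ABSOLUTE_LIFETIME):
        self.idle, self.lifetime = idle, lifetime
        self._sessions = {}

    def create(self, user, now):
        sid = secrets.token_urlsafe(32)  # unguessable session identifier
        self._sessions[sid] = Session(user, created_at=now, last_seen=now)
        return sid

    def touch(self, sid, now):
        """Return (user, None) if the session is valid, else (None, reason)."""
        s = self._sessions.get(sid)
        if s is None:
            return None, "unknown"
        # Limitation of connection time: activity never extends this limit.
        if now - s.created_at >= self.lifetime:
            del self._sessions[sid]
            return None, "absolute"
        # Session time-out: measured from the last accepted request.
        if now - s.last_seen >= self.idle:
            del self._sessions[sid]
            return None, "idle"
        s.last_seen = now  # only a valid request slides the idle window
        return s.user, None

    def seconds_left(self, sid, now):
        """Time until the earlier of the two limits, e.g. for a logout warning."""
        s = self._sessions[sid]
        return min(s.last_seen + self.idle, s.created_at + self.lifetime) - now
```

Both checks run on the server because a timer that exists only in the browser can be bypassed by a client that keeps replaying the session identifier.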
