Device Class 1: Network Disconnect

Control ID: SC-10 Network Disconnect

Family: System and Communications Protection

Source: NIST 800-53r4

Control: The information system terminates the network connection associated with a communications session at the end of the session or after [Assignment: organization-defined time period] 15 minutes of inactivity.

Supplemental Guidance:
This control applies to both internal and external networks. Terminating network connections associated with communications sessions include, for example, de-allocating associated TCP/IP address/port pairs at the operating system level, or de-allocating networking assignments at the application level if multiple application sessions are using a single, operating system-level network connection. Time periods of inactivity may be established by organizations and include, for example, time periods by type of network access or for specific network accesses.

Related Controls: N/A

Control Enhancements: N/A

References: N/A

Mechanisms:

For TCP/IP ports in any state other than 'LISTENING', the device shall de-allocate that TCP/IP port once 15 minutes have passed with no activity on that port.
For UDP/IP ports in any state other than 'LISTENING', the device shall de-allocate that UDP/IP port once 15 minutes have passed with no activity on that port.

Protocol Implementation Conformance Statements:

ID	Statement	Status	Reference	Notes
SC-10/1	Supports de-allocation of TCP/IP ports after 15 minutes of inactivity	M	RFC 793
SC-10/2	Supports de-allocation UDP/IP ports after 15 minutes of inactivity	M	RFC 768