Device Class 1: Network Disconnect

Control ID: SC-10 Network Disconnect
Family: System and Communications Protection
Source: NIST 800-53r4
Control: The information system terminates the network connection associated with a communications session at the end of the session or after [Assignment: organization-defined time period] 15 minutes of inactivity.
Supplemental Guidance:
This control applies to both internal and external networks. Terminating network connections associated with communications sessions includes, for example, de-allocating associated TCP/IP address/port pairs at the operating system level, or de-allocating networking assignments at the application level if multiple application sessions are using a single, operating system-level network connection. Time periods of inactivity may be established by organizations and include, for example, time periods by type of network access or for specific network accesses.

Related Controls: N/A
Control Enhancements: N/A
References: N/A
Mechanisms:

  • For TCP/IP ports in any state other than 'LISTENING', the device shall de-allocate that TCP/IP port once 15 minutes have passed with no activity on that port.
  • For UDP/IP ports in any state other than 'LISTENING', the device shall de-allocate that UDP/IP port once 15 minutes have passed with no activity on that port.
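
One way to implement the two mechanisms above, shown as an added example that is not part of the profile or of NIST 800-53: a per-socket inactivity timer that exempts listening sockets and closes everything else once the 15-minute limit is reached. The names `IdleReaper`, `add`, `touch`, `sweep` and `demo` are hypothetical, and treating `close()` as the de-allocation step is an assumption about the device's socket layer.

```python
import socket
import time

IDLE_LIMIT = 15 * 60  # seconds; the 15-minute period assigned by this profile

class IdleReaper:
    """Tracks last activity per socket and de-allocates idle, non-listening ones."""
    def __init__(self, clock=time.monotonic):
        self.clock = clock
        self._last = {}  # socket -> time of last activity (None = listening, exempt)

    def add(self, sock, listening=False):
        # Listening sockets get no timer: the mechanisms exempt the LISTENING state.
        self._last[sock] = None if listening else self.clock()

    def touch(self, sock):
        """Call on every send or receive so the inactivity timer restarts."""
        if self._last.get(sock) is not None:
            self._last[sock] = self.clock()

    def sweep(self):
        """Close every timed socket idle for at least IDLE_LIMIT; return the count."""
        now = self.clock()
        expired = [s for s, t in self._last.items() if t is not None and now - t >= IDLE_LIMIT]
        for s in expired:
            del self._last[s]
            s.close()  # releases the socket and its address/port pair at the OS level
        return len(expired)

def demo():
    """Constructed scenario on a fake clock: one listener, one idle and one active UDP socket."""
    now = [0.0]
    reaper = IdleReaper(clock=lambda: now[0])
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.listen()  # unbound, so the OS picks an ephemeral port
    idle = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    active = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    reaper.add(listener, listening=True)
    reaper.add(idle)
    reaper.add(active)
    now[0] = 600.0  # traffic on `active` at the 10-minute mark
    reaper.touch(active)
    now[0] = 900.0  # 15 minutes since `idle` last saw activity
    closed = reaper.sweep()
    state = (closed, idle.fileno(), active.fileno() != -1, listener.fileno() != -1)
    active.close()
    listener.close()
    return state
```

A closed Python socket reports `fileno() == -1`, which is what `demo()` uses to show that only the idle socket was de-allocated.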

Protocol Implementation Conformance Statements:
ID | Statement | Status | Reference | Notes
--- | --- | --- | --- | ---
SC-10/1 | Supports de-allocation of TCP/IP ports after 15 minutes of inactivity | M | RFC 793 |
SC-10/2 | Supports de-allocation of UDP/IP ports after 15 minutes of inactivity | M | RFC 768 |