Organizational Control: Concurrent Session Control

Control ID: AC-10 Concurrent Session Control Family: Access Control Source: NIST 800-53r4
Control: The information system limits the number of concurrent sessions for each [Assignment: organization-defined account and/or account type] to [Assignment: organization-defined number].
Supplemental Guidance:
Organizations may define the maximum number of concurrent sessions for information system accounts globally, by account type (e.g.,privileged user, non-privileged user, domain, specific application), by account, or a combination. For example, organizations may limit the number of concurrent sessions for system administrators or individuals working in particularly sensitive domains or mission-critical applications. This control addresses concurrent sessions for information system accounts and does not address concurrent sessions by single users via multiple system accounts.

Related Controls: N/A
Control Enhancements: N/A
References: N/A
Mechanisms:
Protocol Implementation Conformance Statements: N/A