SC.3.186 Terminate network connections associated with communications sessions at the end of the sessions or after a defined period of inactivity.

CMMC Practice SC.3.186: Terminate network connections associated with communications sessions at the end of the sessions or after a defined period of inactivity.

Links to Publicly Available Resources

CMMC CLARIFICATION (Ref CMMC – Appendix B)

Organizations should terminate the internal and external network connections associated with communication sessions at the end of the session or after a period of inactivity by deallocating (stopping) TCP/IP addresses or ports at the operating system level, and/or deallocating assignments at the application system level. This prevents malicious actors from taking advantage of an open network session or an unattended laptop at the end of the connection. Organization’s must balance user work patterns and needs against security when they determine the length of inactivity that will force a termination.