https://www.infosecinstitute.com/resources/security-awareness/security-awareness-hazards-removable-media/
This article provides an overview of removable media including the risks associated with this technology and how to implement a control policy.
InfoWorld – Manage those Macs: A guide for Windows admins / Set your Mac to log out when not in use
3.1 3.1.11 Access Control
https://www.infoworld.com/article/2249814/manage-those-macs-a-guide-for-windows-admins-2.html
This article describes techniques for automating the management of Apple iOS devices that will allow an admin to push polices such as “Idle-time logoff” to a MAC instead of touching each machine. NIST 800-171 Control: 3.1.11
ISACA – Implementing Segregation of Duties: A Practical Experience Based on Best Practices
3.1 3.1.4 Access Control
https://www.isaca.org/resources/isaca-journal/issues/2016/volume-3/implementing-segregation-of-duties-a-practical-experience-based-on-best-practices
This article from ISACA provides an overview of the implementation of SoD based on practical experiences.
ISACA Journal – Capability Framework for Privileged Access Management
3.1 3.1.15 Access Control
https://www.isaca.org/resources/isaca-journal/issues/2017/volume-1/capability-framework-for-privileged-access-management
This article discusses the elements required of a privileged access program that need to be in place to authorize execution of privileged access commands (PACs) and monitor the use of PACs whether on-line or remote. The whole document is useful, but the section on Privileged Users provides specific guidance how to control who has the right to use PACs
https://www.isaca.org/resources/isaca-journal/issues/2018/volume-1/data-loss-preventionnext-steps
This article provides a comprehensive description of Data Loss Prevention (DLP). The article includes best Practices for DLP planning and preparation, and tools for automating DLP.
Linux / UNIX Automatically Logout BASH / TCSH / SSH Users After a Period of Inactivity
3.1 3.1.11 Access Control
https://www.cyberciti.biz/faq/linux-unix-login-bash-shell-force-time-outs/
This document along with the comments section list Unix scripts that can be used to automatically terminate user sessions.
https://www.mcafee.com/en-us/antivirus/mcafee-total-protection.html
McAfee Total Protection to reduce the attack surface
https://learn.microsoft.com/en-us/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/account-lockout-policy
This article describes how to set an account lockout policy.
Microsoft – Interactive logon: Machine inactivity limit
3.1 3.1.10 Access Control
https://learn.microsoft.com/en-us/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/interactive-logon-machine-inactivity-limit
This article describes how to configure inactivity timeouts on Windows.
Microsoft – Microsoft network server: Amount of idle time required before suspending session
3.1 3.1.11 Access Control
https://learn.microsoft.com/en-us/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/microsoft-network-server-amount-of-idle-time-required-before-suspending-session
This article describes best practices for automatically terminating user sessions on a Microsoft Network Server.
