NIST 800-53 AC-10 Mappings

Organizations may define the maximum number of concurrent sessions for system accounts globally, by account type, by account, or any combination thereof. For example, organizations may limit the number of concurrent sessions for system administrators or other individuals working in particularly sensitive domains or mission-critical applications. Concurrent session control addresses concurrent sessions for system accounts. It does not, however, address concurrent sessions by single users via multiple system accounts.

Mappings

| Capability ID | Capability Description | Mapping Type | ATT&CK ID | ATT&CK Name |
|---|---|---|---|---|
| AC-10 | Concurrent Session Control | Protects | T1137 | Office Application Startup |
| AC-10 | Concurrent Session Control | Protects | T1137.002 | Office Test |
| AC-10 | Concurrent Session Control | Protects | T1185 | Browser Session Hijacking |
| AC-10 | Concurrent Session Control | Protects | T1528 | Steal Application Access Token |