NIST 800-53 AC-12 Mappings

Session termination addresses the termination of user-initiated logical sessions (in contrast to SC-10, which addresses the termination of network connections associated with communications sessions (i.e., network disconnect)). A logical session (for local, network, and remote access) is initiated whenever a user (or process acting on behalf of a user) accesses an organizational system. Such user sessions can be terminated without terminating network sessions. Session termination ends all processes associated with a user’s logical session except for those processes that are specifically created by the user (i.e., session owner) to continue after the session is terminated. Conditions or trigger events that require automatic termination of the session include organization-defined periods of user inactivity, targeted responses to certain types of incidents, or time-of-day restrictions on system use.

Mappings

Capability ID Capability Description Mapping Type ATT&CK ID ATT&CK Name
AC-12 Session Termination Protects T1185 Browser Session Hijacking
AC-12 Session Termination Protects T1505.005 Terminal Services DLL
AC-12 Session Termination Protects T1563.002 RDP Hijacking
AC-12 Session Termination Protects T1021.001 Remote Desktop Protocol
AC-12 Session Termination Protects T1072 Software Deployment Tools