Educause Security Discussion mailing list archives
Re: Exception to Session Logoff Policy
From: Stefan Wahe <stefan.wahe () WISC EDU>
Date: Fri, 22 Jan 2016 18:14:27 +0000

Ours is dependent on the application or system. Typically our standard for desktops is to auto lock after 15 minutes of inactivity. For some of our restricted systems inactive logoff is 20 to 40 minutes. If the system does not handle “restricted” or “critical” data then a longer logout may be accepted.

My question is, if they are training, is the session logoff based on inactivity or total session time?

Thanks – Stefan

From: The EDUCAUSE Security Constituent Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU> on behalf of "Carroll, Tim" <Carrolltd () ROANESTATE EDU>
Reply-To: The EDUCAUSE Security Constituent Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU>
Date: Friday, January 22, 2016 at 11:25 AM
To: "SECURITY () LISTSERV EDUCAUSE EDU" <SECURITY () LISTSERV EDUCAUSE EDU>
Subject: [SECURITY] Exception to Session Logoff Policy

Good Morning,

I have a request from an Academic Organization to change the session logoff time from our standard 15 minutes of inactivity to 60 minutes to accommodate teaching in dedicated labs.

After researching for a standard I can find no clear consensus, although 15 minutes seems to be the most commonly adopted. OMB M-06-16 (PDF) U.S. Presidential Memorandum Protection of Sensitive Agency Information recommends time-out after 30 minutes; NIST SP800-46 suggests 15 minutes; standards among Higher Education institutions vary widely from 1 to 30 minutes depending on where the computer is located and what data is being accessed.

My question is, what automatic logoff standard are you using and do you allow for exceptions? What sources do you cite to support your decision, if any?

Regards,
Tim

Tim Carroll
Assistant Vice President and Chief Information Officer
Information Technology
Roane State Community College
carrolltd () roanestate edu
865-882-4560

This email is intended for the addressee and may contain privileged information. If you are not the addressee, you are not permitted to use or copy this email or its attachments nor may you disclose the same to any third party. If this has been sent to you in error, please delete the email and notify us by replying to this email immediately.