CMMC Education – User session versus network session termination
Friends don’t let friends disconnect their users every 24 hours.
Two of the most confused requirements in CMMC Level 2 / NIST SP 800-171 Rev. 2 are 3.1.11 “User Session Termination” and 3.13.9 “Network Session Termination”.
They seem similar, but 3.13.9 controls the risk using crunchy network and firewall settings while 3.1.11 controls the risk using server-side methods to log off or disable accounts.
In this video, Jil Wright, Certified CMMC Assessor extraordinaire, and Amira Armond, Certified CMMC Assessor and Kieri Solutions' Quality Manager, explain the difference!
Did someone tell you that you have to disconnect all your VPNs every 24 hours in order to be compliant with CMMC? Terrible! Sure, it is one way to be compliant, but there are better ways to do this!
Spread the word: the confusion about these two requirements needs to be fixed.
Amira Armond is the founder and Quality Manager for Kieri Solutions, an Authorized C3PAO. Jil Wright is a Certified CMMC Assessor and instructor with Wrightbrained Security. Kieri Solutions provides CMMC preparation and assessments for CMMC and 800-171 compliance.
Would you like a second opinion about your CMMC prep? Check all the things Kieri Solutions can help you with!