R027. Allow session lockout

This document contains the details of the security requirements related to the definition and management of sessions and session variables in the organization. This requirement establishes the importance of allowing temporary session lockouts in order to prevent brute-force attacks.


The system must provide users the option to manually lock their session from any resource protected by authentication.
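A minimal session store that covers both points of this requirement (a user-initiated manual lock, and a temporary lockout after repeated failed unlock attempts), as an added example that is not part of this page or of Fluid Attacks' code; the class, method names and policy values are hypothetical:

```python
import hashlib
import hmac
from dataclasses import dataclass

# Constructed policy values for this illustration; a real deployment would
# take them from the organization's configuration.
MAX_FAILED_UNLOCKS = 3   # failed unlock attempts before a temporary lockout
LOCKOUT_SECONDS = 300    # length of the temporary lockout window


def hash_password(password: str) -> str:
    # Demo only: production code should use a slow password hash (e.g. Argon2).
    return hashlib.sha256(password.encode()).hexdigest()


@dataclass
class Session:
    user: str
    locked: bool = False        # set when the user manually locks the session
    failed_unlocks: int = 0     # consecutive failed unlock attempts
    lockout_until: float = 0.0  # epoch seconds; 0.0 means no temporary lockout


class SessionManager:
    """Hypothetical session store with manual lock and temporary lockout."""
    def __init__(self, credentials: dict[str, str]):
        self._credentials = credentials  # user -> hash_password(password)
        self._sessions: dict[str, Session] = {}

    def create(self, session_id: str, user: str) -> None:
        self._sessions[session_id] = Session(user=user)

    def lock(self, session_id: str) -> None:
        # Manual lock requested by the user from any authenticated resource.
        self._sessions[session_id].locked = True

    def is_locked(self, session_id: str) -> bool:
        return self._sessions[session_id].locked

    def unlock(self, session_id: str, password: str, now: float) -> bool:
        """Return True if the session was unlocked, False if it stays locked."""
        s = self._sessions[session_id]
        if now < s.lockout_until:
            return False  # inside the temporary lockout: reject without checking
        if hmac.compare_digest(hash_password(password), self._credentials[s.user]):
            s.locked, s.failed_unlocks = False, 0
            return True
        s.failed_unlocks += 1
        if s.failed_unlocks >= MAX_FAILED_UNLOCKS:
            s.lockout_until = now + LOCKOUT_SECONDS  # temporary lockout vs brute force
            s.failed_unlocks = 0
        return False
```

The `now` argument is passed explicitly so the lockout window can be tested deterministically; a real service would read the clock itself.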


  1. NIST 800-53 AC-2 (2) The information system automatically removes or disables temporary and emergency accounts after a period of time defined by the organization for each type of account.

  2. NIST 800-53 AC-2 (13) The organization disables accounts of users posing a significant risk within [Assignment: organization-defined time period] of discovery of the risk.
