Documentation Index

Fetch the complete documentation index at: https://kb.northerndatasolutions.com/llms.txt

Use this file to discover all available pages before exploring further.

AC.L2-3.1.11[a]

  • Published on Apr 28, 2026
  • 1 minute(s) read
  • CT
 Prev Next

AC.L2-3.1.11[a] — Access Control (Session Termination)

Domain: Access Control (AC)  |  Practice: AC.L2-3.1.11  |  Objective ID: 3.1.11[a]  |  Source: NIST SP 800-171 Rev. 2 / CMMC 2.0 Level 2

Assessment Objective:

Conditions requiring a user session to terminate are defined.

Executive Summary (For Leadership and the Board)

CMMC objective AC.L2-3.1.11[a] sits inside the Access Control domain (AC.L2-3.1.11 — Session Termination) and reads: Conditions requiring a user session to terminate are defined.. Define the conditions under which sessions must be automatically terminated (e.g., after a maximum session duration, upon administrative action, network disconnection, or security event). For organizations that handle Controlled Unclassified Information (CUI), this objective is part of the foundation that every downstream control depends on.

Related articles
  • AC.L2-3.1.11[b]
    Compliance > CMMC (NIST 800-171) > CMMC 2.0 Assessment Objectives
  • AC.L2-3.13.9[a]
    Compliance > CMMC (NIST 800-171) > CMMC 2.0 Assessment Objectives