AC.L2-3.1.11[b] — Access Control (Session Termination)
Domain: Access Control (AC) | Practice: AC.L2-3.1.11 | Objective ID: 3.1.11[b] | Source: NIST SP 800-171 Rev. 2 / CMMC 2.0 Level 2 | Assessment Objective: A user session is automatically terminated after any of the defined conditions.
Executive Summary (For Leadership and the Board)
CMMC objective AC.L2-3.1.11[b] sits inside the Access Control domain (AC.L2-3.1.11 — Session Termination) and reads: "A user session is automatically terminated after any of the defined conditions." Implement session termination mechanisms that enforce the defined conditions. This limits exposure from abandoned sessions and reduces the window for session hijacking. For organizations that handle Controlled Unclassified Information (CUI), this objective is part of the foundation that every downstream control depends on.