NIST 800-53 REV 5 • MAINTENANCE
MA-4(7) — Disconnect Verification
Verify session and network connection termination after the completion of nonlocal maintenance and diagnostic sessions.
CMMC Practice Mapping
No direct CMMC mapping
NIST 800-171 Mapping
No direct NIST 800-171 mapping
Related Controls
Supplemental Guidance
Verifying the termination of a connection once maintenance is completed ensures that connections established during nonlocal maintenance and diagnostic sessions have been terminated and are no longer available for use.
Practitioner Notes
After remote maintenance is complete, you need to verify that the session has actually been disconnected and that no persistent connections remain. Lingering sessions are a security risk.
Example 1: After each remote maintenance session, verify disconnection by checking active sessions on the target system: use quser or query session on Windows servers to confirm no orphaned RDP sessions remain. Log the verification in the maintenance record.
Example 2: Configure your VPN concentrator and remote access tools to automatically terminate sessions after a defined idle timeout (e.g., 15 minutes). Set up session limits so technicians cannot leave connections open indefinitely. Review VPN session logs daily for sessions exceeding expected durations.
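The check in Example 1, as an added PowerShell example (not part of the original page): it parses quser output, including disconnected sessions, which print an empty session-name column, and produces a pass/fail row for the maintenance record. The account vendor.tech, the host SRV-EXAMPLE-01 and the session rows are constructed, and English-locale quser output is assumed.

```powershell
# Added example (not from the original page). Assumes English-locale quser output;
# the account name, host name and session rows below are constructed sample data.
function Get-LingeringMaintenanceSession {
    param(
        [string[]] $QuserOutput = @(),                         # raw lines as printed by quser
        [Parameter(Mandatory)] [string[]] $MaintenanceAccount  # accounts used for nonlocal maintenance
    )
    $rows = $QuserOutput | Select-Object -Skip 1               # drop the header line
    foreach ($line in $rows) {
        # A leading '>' marks the caller's own session; strip it with the padding.
        $text = $line.TrimStart(' ', '>').TrimEnd()
        if (-not $text) { continue }
        $f = $text -split '\s{2,}'
        # Disconnected sessions print an empty SESSIONNAME column, leaving 5 fields.
        if ($f.Count -eq 5) { $f = @($f[0], '') + $f[1..4] }
        if ($f.Count -ne 6) { Write-Warning "Unparsed quser line: $line"; continue }
        if ($MaintenanceAccount -contains $f[0]) {             # -contains is case-insensitive
            [pscustomobject]@{
                User = $f[0]; SessionName = $f[1]; Id = [int]$f[2]
                State = $f[3]; IdleTime = $f[4]; LogonTime = $f[5]
            }
        }
    }
}

# Constructed sample; on a live server pass the output of quser instead.
$sample = @(
    ' USERNAME              SESSIONNAME        ID  STATE   IDLE TIME  LOGON TIME'
    '>administrator         console             1  Active      none   3/4/2024 8:01 AM'
    ' vendor.tech                               3  Disc        1:12   3/4/2024 9:15 AM'
    ' jsmith                rdp-tcp#2           4  Active         5   3/4/2024 10:02 AM'
)
$left = @(Get-LingeringMaintenanceSession -QuserOutput $sample -MaintenanceAccount 'vendor.tech')

# One row for the maintenance record: PASS only when no maintenance session remains.
[pscustomobject]@{
    CheckedAt  = (Get-Date).ToString('s')
    Server     = 'SRV-EXAMPLE-01'                              # hypothetical host name
    Result     = if ($left.Count -eq 0) { 'PASS' } else { 'FAIL' }
    SessionIds = ($left.Id -join ',')
    States     = ($left.State -join ',')
}
```

With the constructed sample the row reports FAIL for session 3 in state Disc: a disconnected RDP session is still logged on and counts as not terminated.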