NIST 800-53 REV 5 • SYSTEM AND COMMUNICATIONS PROTECTION
SC-23(2) — User-initiated Logouts and Message Displays
CMMC Practice Mapping
No direct CMMC mapping
NIST 800-171 Mapping
No direct NIST 800-171 mapping
Related Controls
No related controls listed
Practitioner Notes
Users should be able to initiate a logout at any time, and the system should display a clear message once they have been logged out.
Example 1: Ensure every web application displays a visible "Log Out" button on every page. When clicked, it terminates the session and redirects the user to a clear "You have been logged out" confirmation page.
Example 2: For terminal/RDP sessions, ensure the Windows logoff option is available and not hidden. Train users to log off rather than just closing the RDP window, which may leave their session running on the server.
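The web application case in Example 1, as an added sketch that is not part of the original control text: logout deletes the server-side session record (not only the browser cookie), expires the cookie, and redirects to a confirmation page. The cookie name `sid`, the paths `/login`, `/logout` and `/logged-out`, the in-memory store and the `handle` router are assumptions made for illustration.

```python
import html
import secrets
from http.cookies import SimpleCookie

SESSIONS = {}    # server-side session store: session id -> username (in-memory, assumed)
COOKIE = "sid"   # hypothetical session cookie name
LOGOUT_FORM = '<form method="post" action="/logout"><button>Log Out</button></form>'

def login(user):
    """Create a session and return its unguessable identifier."""
    sid = secrets.token_urlsafe(32)
    SESSIONS[sid] = user
    return sid

def session_id(cookie_header):
    """Extract the session id from a Cookie header, or None if absent."""
    morsel = SimpleCookie(cookie_header or "").get(COOKIE)
    return morsel.value if morsel else None

def current_user(cookie_header):
    """Resolve the request's cookie against the server-side store."""
    return SESSIONS.get(session_id(cookie_header))

def handle(method, path, cookie_header=""):
    """Toy router returning (status, headers, body)."""
    if method == "POST" and path == "/logout":
        # Terminate the session on the server so a copied cookie stops working.
        SESSIONS.pop(session_id(cookie_header), None)
        expire = f"{COOKIE}=; Max-Age=0; Path=/; HttpOnly; Secure; SameSite=Lax"
        return 303, {"Location": "/logged-out", "Set-Cookie": expire}, ""
    if path == "/logged-out":
        # Explicit confirmation message shown after logout.
        return 200, {"Cache-Control": "no-store"}, "You have been logged out"
    if path == "/login":
        return 200, {}, "login form placeholder"
    user = current_user(cookie_header)
    if user is None:
        return 303, {"Location": "/login"}, ""
    # Every authenticated page carries the visible logout control.
    body = f"<p>Signed in as {html.escape(user)}</p>{LOGOUT_FORM}"
    return 200, {"Cache-Control": "no-store"}, body

if __name__ == "__main__":
    cookie = f"{COOKIE}={login('alice')}"          # constructed sample session
    print(handle("GET", "/inbox", cookie)[0])      # authenticated page
    print(handle("POST", "/logout", cookie)[1])    # redirect + expired cookie
    print(handle("GET", "/inbox", cookie)[1])      # old cookie no longer accepted
```

Replaying the pre-logout cookie after `/logout` is the check worth automating: if it still returns an authenticated page, only the browser side was cleared.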