NIST 800-53 REV 5 • SYSTEM AND INFORMATION INTEGRITY

SI-14(3) Non-persistent Connectivity

Establish connections to the system on demand and terminate connections after {{ insert: param, si-14.03_odp }}.

CMMC Practice Mapping

No direct CMMC mapping

NIST 800-171 Mapping

No direct NIST 800-171 mapping

Related Controls

Supplemental Guidance

Persistent connections to systems can provide advanced adversaries with paths to move laterally through systems and potentially position themselves closer to high value assets. Limiting the availability of such connections impedes the adversary’s ability to move freely through organizational systems.

Practitioner Notes

Establish non-persistent network connections — connections are temporary and terminated after use rather than maintained indefinitely.

Example 1: Configure VPN connections to automatically disconnect after a set idle timeout (30 minutes) or maximum session duration (8 hours). Users must re-authenticate to reconnect, ensuring stale sessions are not exploited.

Example 2: For cloud-based management sessions, use just-in-time access (Azure AD PIM). Admin access is granted for a specific time window (1-4 hours), after which the elevated permissions are automatically revoked. Sessions are non-persistent by design.
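The limits in Example 1 can be checked against session records to find connections that should already have been torn down. The following is an added illustration, not part of the control text or of any VPN product; the `Session` record layout, the function names and the sample data are assumptions made for this sketch.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional

# Limits taken from Example 1 on this page.
IDLE_TIMEOUT = timedelta(minutes=30)
MAX_SESSION = timedelta(hours=8)

@dataclass
class Session:  # hypothetical record layout
    session_id: str
    user: str
    started: datetime
    last_activity: datetime
    ended: Optional[datetime] = None  # None means the tunnel is still up

def termination_reason(s: Session, now: datetime) -> Optional[str]:
    """Return why an open session must be torn down at `now`, or None."""
    if s.ended is not None:
        return None  # already closed, nothing to enforce
    # Absolute lifetime is checked first: activity never extends it.
    if now - s.started >= MAX_SESSION:
        return "max_duration"
    if now - s.last_activity >= IDLE_TIMEOUT:
        return "idle_timeout"
    return None

def sessions_to_terminate(sessions, now):
    """Map session_id -> reason for every open session that violates the limits."""
    out = {}
    for s in sessions:
        reason = termination_reason(s, now)
        if reason:
            out[s.session_id] = reason
    return out

# Constructed sample records (not real log data).
NOW = datetime(2024, 5, 1, 17, 0)
SAMPLE = [
    Session("s1", "alice", NOW - timedelta(hours=2), NOW - timedelta(minutes=5)),
    Session("s2", "bob", NOW - timedelta(hours=3), NOW - timedelta(minutes=45)),
    Session("s3", "carol", NOW - timedelta(hours=9), NOW - timedelta(minutes=1)),
    Session("s4", "dave", NOW - timedelta(hours=10), NOW - timedelta(hours=9),
            ended=NOW - timedelta(hours=8, minutes=30)),
]

if __name__ == "__main__":
    for sid, why in sessions_to_terminate(SAMPLE, NOW).items():
        print(sid, why)
```

Session s3 is flagged even though it was active one minute earlier, because the maximum duration is an absolute cap that activity does not reset.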