Enforce Session Lifetime Limits for Guests and Admins for Energy & Utilities

Energy & Utilities organizations face specific regulatory requirements including nist-800-53, cis, iso27001. The CA-11 control helps address these requirements by:

• Sign-in frequency is enforced via Conditional Access for high-risk scenarios
• Guest user sessions expire within 24 hours
• Admin sessions expire within 8 hours
• Persistent browser sessions are disabled for guest access

Guests and admins represent elevated risk. Guest accounts access your data from unmanaged devices; limiting session lifetime reduces exposure if credentials are compromised. Admin sessions should be short-lived. Regular users on managed devices can have longer sessions to avoid productivity impact.

When implementing CA-11 in a energy & utilities environment, consider:

• **Regulatory requirements**: nist-800-53, cis, iso27001 may mandate specific configurations
• **Risk tolerance**: Energy & Utilities organizations typically have moderate to low risk tolerance
• **Audit frequency**: Plan for regular compliance reviews
• **Documentation**: Maintain detailed records for regulatory inspections

To implement CA-11 in your Microsoft 365 environment:

• Sign-in frequency is enforced via Conditional Access for high-risk scenarios
• Guest user sessions expire within 24 hours
• Admin sessions expire within 8 hours
• Persistent browser sessions are disabled for guest access

TrueConfig can automatically remediate this control with one click.