Configure Session Controls for Financial Services & Banking

Financial Services & Banking organizations face specific regulatory requirements including soc2, pci-dss, nist-800-53, iso27001. The CA-07 control helps address these requirements by:

• Sign-in frequency is enforced for admin sessions (8 hours)
• Sign-in frequency is enforced for user sessions (24 hours)
• Persistent browser sessions are controlled for sensitive scenarios

Long-lived sessions increase the window for session hijacking and token theft. Enforcing sign-in frequency limits how long a stolen session token remains valid.

When implementing CA-07 in a financial services & banking environment, consider:

• **Regulatory requirements**: soc2, pci-dss, nist-800-53 may mandate specific configurations
• **Risk tolerance**: Financial Services & Banking organizations typically have moderate to low risk tolerance
• **Audit frequency**: Plan for regular compliance reviews
• **Documentation**: Maintain detailed records for regulatory inspections

CA-07 requires the following configuration:

• Sign-in frequency is enforced for admin sessions (8 hours)
• Sign-in frequency is enforced for user sessions (24 hours)
• Persistent browser sessions are controlled for sensitive scenarios

Creates CA policy with session controls in report-only mode

With TrueConfig, you can implement this control automatically using our one-click remediation feature.