Enforce Session Lifetime Limits for Guests and Admins for Financial Services & Banking

Financial Services & Banking organizations face specific regulatory requirements including soc2, pci-dss, nist-800-53, iso27001. The CA-11 control helps address these requirements by:

• Sign-in frequency is enforced via Conditional Access for high-risk scenarios
• Guest user sessions expire within 24 hours
• Admin sessions expire within 8 hours
• Persistent browser sessions are disabled for guest access

Guests and admins represent elevated risk. Guest accounts access your data from unmanaged devices; limiting session lifetime reduces exposure if credentials are compromised. Admin sessions should be short-lived. Regular users on managed devices can have longer sessions to avoid productivity impact.

When implementing CA-11 in a financial services & banking environment, consider:

• **Regulatory requirements**: soc2, pci-dss, nist-800-53 may mandate specific configurations
• **Risk tolerance**: Financial Services & Banking organizations typically have moderate to low risk tolerance
• **Audit frequency**: Plan for regular compliance reviews
• **Documentation**: Maintain detailed records for regulatory inspections

To implement CA-11 in your Microsoft 365 environment:

• Sign-in frequency is enforced via Conditional Access for high-risk scenarios
• Guest user sessions expire within 24 hours
• Admin sessions expire within 8 hours
• Persistent browser sessions are disabled for guest access

TrueConfig can automatically remediate this control with one click.