Configure Session Controls for Professional Services & Consulting

Professional Services & Consulting organizations face specific regulatory requirements including soc2, iso27001, cis. The CA-07 control helps address these requirements by:

• Sign-in frequency is enforced for admin sessions (8 hours)
• Sign-in frequency is enforced for user sessions (24 hours)
• Persistent browser sessions are controlled for sensitive scenarios

Long-lived sessions increase the window for session hijacking and token theft. Enforcing sign-in frequency limits how long a stolen session token remains valid.

When implementing CA-07 in a professional services & consulting environment, consider:

• **Regulatory requirements**: soc2, iso27001, cis may mandate specific configurations
• **Risk tolerance**: Professional Services & Consulting organizations typically have moderate to low risk tolerance
• **Audit frequency**: Plan for regular compliance reviews
• **Documentation**: Maintain detailed records for regulatory inspections

CA-07 requires the following configuration:

• Sign-in frequency is enforced for admin sessions (8 hours)
• Sign-in frequency is enforced for user sessions (24 hours)
• Persistent browser sessions are controlled for sensitive scenarios

Creates CA policy with session controls in report-only mode

With TrueConfig, you can implement this control automatically using our one-click remediation feature.