SC.L2-3.13.11 – Terminate network connections associated with communications sessions at the end of the sessions or after a defined period of inactivity.

This control requires your organization to ensure that network sessions—especially those involving Controlled Unclassified Information (CUI)—are automatically ended when the session concludes or after a period of inactivity, to reduce exposure and prevent unauthorized access.