© 2026 Muon Partners. All rights reserved.

SP800-53-AC-11 (Active)

Device Lock

Statement

Prevent further access to the system by one or more: initiating a device lock after ... of inactivity; requiring the user to initiate a device lock before leaving the system unattended; and retain the device lock until the user reestablishes access using established identification and authentication procedures.

Location

Control Family
Access Control

Control Details

Identifier
SP800-53-AC-11
Family
AC

Organisation-Defined Parameters

ac-11_odp.01
one or more: initiating a device lock after ... of inactivity; requiring the user to initiate a device lock before leaving the system unattended
ac-11_odp.02
time period

Supplemental Guidance

Device locks are temporary actions taken to prevent logical access to organizational systems when users stop work and move away from the immediate vicinity of those systems but do not want to log out because of the temporary nature of their absences. Device locks can be implemented at the operating system level or at the application level. A proximity lock may be used to initiate the device lock (e.g., via a Bluetooth-enabled device or dongle). User-initiated device locking is behavior or policy-based and, as such, requires users to take physical action to initiate the device lock. Device locks are not an acceptable substitute for logging out of systems, such as when organizations require users to log out at the end of workdays.

Assessment Objective

Further access to the system is prevented by one or more: initiating a device lock after ... of inactivity; requiring the user to initiate a device lock before leaving the system unattended; device lock is retained until the user re-establishes access using established identification and authentication procedures.

ATTACK
ATTACK-T1021.001 (related, via ctid-attack-to-sp800-53)
ATTACK-T1563.002 (related, via ctid-attack-to-sp800-53)