NIST Compliance Questions

We recently received a question from a customer about how we meet NIST the requirement 3.13.09 for session termination and I wanted to share this here incase someone else is going through the same process.

3.13.09 - Terminate network connections associated with communications sessions at the end of the sessions or after a defined period of inactivity.

The answer is pretty simple, when you log into through either the dashboard or flyctl auth login we issue you a session token which is is valid for one week. After this your token is invalid and you’ll need to log in again.