We recently received a question from a customer about how we meet the NIST requirement 3.13.09
for session termination, and I wanted to share this here in case someone else is going through the same process.
3.13.09 - Terminate network connections associated with communications sessions at the end of the sessions or after a defined period of inactivity.
The answer is pretty simple: when you log into Fly.io through either the dashboard or flyctl auth login,
we issue you a session token which is valid for one week. After this your token is invalid and you’ll need to log in again.