SB3: A mechanism must be used to force re-authentication to user accounts after an idle period, whether the system is managed directly by Harvard or via contract with a third-party service provider for Harvard's use (e.g. IaaS, SaaS). See also: Level 3, Level 4, 8, Servers B, Level 3, Level 4
Force re-authentication with locking screensaver Force re-authentication with a locking screen saver on client machine.
Set application inactivity time-out Force re-authentication after a defined period of inactivity within the server-side application, where this feature is available.