
IA-11 Re-Authentication

Technical

>Control Description

(A) The organization requires users and devices to re-authenticate under organization-defined circumstances or situations requiring re-authentication.

>Supplemental Guidance

In addition to the re-authentication requirements associated with session locks, organizations may require re-authentication of individuals and/or devices in other situations including, for example: (i) when authenticators change; (ii) when roles change; (iii) when security categories of information systems change; (iv) when the execution of privileged functions occurs; (v) after a fixed period of time; or (vi) periodically. Related control: AC-11.

>Tailoring Guidance

This security control/enhancement specifies a very specialized and/or advanced capability that is not required for all systems. Consequently, inclusion in a departmental profile is made on a case-by-case basis.
