
SC-23(3) Session Authenticity

PBMM (P2)
Secret (P2)
Technical

Control Description

SESSION AUTHENTICITY | UNIQUE SESSION IDENTIFIERS WITH RANDOMIZATION

The information system generates a unique session identifier for each session with organization-defined randomness requirements and recognizes only session identifiers that are system-generated.

Supplemental Guidance

This control enhancement curtails the ability of adversaries to reuse previously valid session IDs. Employing the concept of randomness in the generation of unique session identifiers helps to protect against brute-force attacks to determine future session identifiers. Related control: SC-13.
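
A minimal server-side session registry showing both halves of the control: identifiers come from the OS CSPRNG, and only identifiers the system itself issued are recognized. This is an added example, not part of the control text; the 256-bit length, the 15-minute idle timeout and all names (`SessionStore`, `create`, `lookup`, `rotate`, `invalidate`) are assumptions standing in for the organization-defined values.

```python
import secrets
import time

ID_BYTES = 32        # assumed randomness requirement: 256 bits from the OS CSPRNG
IDLE_TIMEOUT = 900   # assumed idle lifetime, in seconds


class SessionStore:
    """Server-side registry: an identifier is valid only if this store issued it."""

    def __init__(self, clock=time.monotonic):
        self._sessions = {}   # session id -> {"user": ..., "last_seen": ...}
        self._clock = clock

    def create(self, user=None):
        # secrets uses the OS CSPRNG; IDs are never derived from counters,
        # timestamps or user attributes, so future IDs cannot be predicted.
        sid = secrets.token_urlsafe(ID_BYTES)
        self._sessions[sid] = {"user": user, "last_seen": self._clock()}
        return sid

    def lookup(self, presented):
        """Return session data for a system-generated, unexpired ID, else None."""
        data = self._sessions.get(presented) if isinstance(presented, str) else None
        if data is None:
            return None                     # never adopt an ID the client supplied
        if self._clock() - data["last_seen"] > IDLE_TIMEOUT:
            del self._sessions[presented]   # expired IDs stop being recognized
            return None
        data["last_seen"] = self._clock()
        return data

    def rotate(self, presented, user):
        """At login, retire the pre-authentication ID and issue a fresh one."""
        self._sessions.pop(presented, None)
        return self.create(user)

    def invalidate(self, presented):
        """At logout, forget the ID so a captured copy cannot be reused."""
        self._sessions.pop(presented, None)
```

The caller must treat a `None` from `lookup` as "no session" and call `create` for a new identifier rather than registering the value the client presented.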
