SC-23(1)

  • Requirement

    Invalidate session identifiers upon user logout or other session termination.

  • Discussion

    Invalidating session identifiers at logout curtails the ability of adversaries to capture and continue to employ previously valid session IDs.

More Info

  • Title

    Session Authenticity | Invalidate Session Identifiers at Logout
  • Family

    System and Communications Protection
  • NIST 800-53B Baseline(s)

    • Related NIST 800-53 ID

    NIST 800-53A Assessment Guidance

    CMMC Training

    Our CMMC Overview Course simplifies CMMC. Enroll so you can make informed decisions!