SC-23(3)

  • Requirement

    Generate a unique session identifier for each session with [Assignment: organization-defined randomness requirements] and recognize only session identifiers that are system-generated.

  • Discussion

    Generating unique session identifiers curtails the ability of adversaries to reuse previously valid session IDs. Employing the concept of randomness in the generation of unique session identifiers protects against brute-force attacks to determine future session identifiers.
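The following is an added example, not part of the control text, showing one way a server could meet both halves of the requirement: it issues identifiers from the OS CSPRNG and refuses any identifier it did not issue itself. The `SessionStore` class, its method names, the 32-byte length and the 900-second lifetime are assumptions chosen for illustration; the organization-defined randomness requirement would set the real values.

```python
import hashlib
import secrets
import time

ID_BYTES = 32  # assumption: 256 bits from the OS CSPRNG stands in for the org-defined requirement


def _key(session_id):
    # Index by SHA-256 of the id so a dump of the store does not reveal live ids.
    return hashlib.sha256(session_id.encode("utf-8", "surrogatepass")).hexdigest()


class SessionStore:
    """Hypothetical in-memory store; only ids minted by create() are ever recognized."""

    def __init__(self, ttl_seconds=900):
        self._ttl = ttl_seconds
        self._sessions = {}

    def create(self, user, now=None):
        now = time.time() if now is None else now
        session_id = secrets.token_urlsafe(ID_BYTES)  # unpredictable, unique per session
        self._sessions[_key(session_id)] = {"user": user, "expires": now + self._ttl}
        return session_id

    def lookup(self, presented, now=None):
        """Return the session record, or None for unknown, expired or malformed ids."""
        now = time.time() if now is None else now
        if not isinstance(presented, str):
            return None
        record = self._sessions.get(_key(presented))
        if record is None:
            return None  # never adopt an id the system did not generate
        if now >= record["expires"]:
            del self._sessions[_key(presented)]
            return None
        return record

    def invalidate(self, presented):
        if isinstance(presented, str):
            self._sessions.pop(_key(presented), None)

    def login(self, presented, user, now=None):
        """Discard whatever id the client presented and issue a fresh one."""
        self.invalidate(presented)
        return self.create(user, now)
```

Because `login` always rotates the identifier, a value planted in the client before authentication never becomes a valid session, and an identifier that has been invalidated or has expired cannot be replayed.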

More Info

  • Title

    Session Authenticity | Unique System-generated Session Identifiers
  • Family

    System and Communications Protection
  • NIST 800-53B Baseline(s)

  • Related NIST 800-53 ID

    AC-10; SC-12; SC-13
