SC-23(1): Session Authenticity | Invalidate Session Identifiers at Logout
(
)
Invalidate session identifiers upon user logout or other session termination.
Control Identifier
SC-23(1)
Latest Sync Date
19/12/24 09:18:14
Discussion
Invalidating session identifiers at logout curtails the ability of adversaries to capture and continue to employ previously valid session IDs.
Related Controls
None.
NIST 800-53 Controls Catalogue