Generate a unique session identifier for each session with [Assignment: organization-defined randomness requirements] and recognize only session identifiers that are system-generated.
| Control Identifier | SC-23(3) |
| Latest Sync Date | 19/12/24 09:18:14 |
| Discussion | Generating unique session identifiers curtails the ability of adversaries to reuse previously valid session IDs. Employing the concept of randomness in the generation of unique session identifiers protects against brute-force attacks to determine future session identifiers. |
| Related Controls | AC-10, SC-12, SC-13. |