Require users to re-authenticate when [Assignment: organization-defined circumstances or situations requiring re-authentication].
|
|
| Control Identifier | IA-11 |
| Latest Sync Date | 19/12/24 09:18:14 |
| Discussion | In addition to the re-authentication requirements associated with device locks, organizations may require re-authentication of individuals in certain situations, including when roles, authenticators or credentials change, when security categories of systems change, when the execution of privileged functions occurs, after a fixed time period, or periodically. |
| Related Controls | AC-3, AC-11, IA-2, IA-3, IA-4, IA-8. |