SC-23.1: Invalidate Session Identifiers at Logout

SC-23.1 · Invalidate Session Identifiers at Logout

Control Description

Invalidate session identifiers upon user logout or other session termination.

Impact Baselines

Security baselines where this control applies

Not in any baseline

Control Properties

SP800-53-enhancement

system

Enhancement

Control Statement

The control requirements

Invalidate session identifiers upon user logout or other session termination.

Supplemental Guidance

Invalidating session identifiers at logout curtails the ability of adversaries to capture and continue to employ previously valid session IDs.