NET-09.1 ยท Invalidate Session Identifiers at Logout

Control Description

Automated mechanisms exist to invalidate session identifiers upon user logout or other session termination.

Control Question
Assessment question for control validation

Does the organization use automated mechanisms to invalidate session identifiers upon user logout or other session termination?

Control Weighting
5
Validation Cadence
Quarterly
NIST CSF Function
Protect
Supply Chain Risk Management (SCRM) Tiers
Applicable SCRM tier levels for this control
Tier 3 - Tactical