SC-23(1): Invalidate Session Identifiers At Logout
Control Family:
Parent Control:
CSF v1.1 References:
Threats Addressed:
Baselines:
(Not part of any baseline)
Next Version:
- NIST Special Publication 800-53 Revision 5:
- SC-23(1): Invalidate Session Identifiers at Logout
Control Statement
The information system invalidates session identifiers upon user logout or other session termination.
Supplemental Guidance
This control enhancement curtails the ability of adversaries from capturing and continuing to employ previously valid session IDs.