← Back to catalog
SC-23(1)

Invalidate Session Identifiers at Logout

System and Communications Protection (SC)
Baselines
Low · Not includedModerate · Not includedHigh · Not included
Description

Invalidate session identifiers upon user logout or other session termination.

Discussion

Invalidating session identifiers at logout curtails the ability of adversaries to capture and continue to employ previously valid session IDs.

Implementation guidance

No content available.

CSF 2.0 crosswalk

No CSF mappings exist for this control.