← Back to catalog
SC-23(1)
Invalidate Session Identifiers at Logout
System and Communications Protection (SC)
Baselines
Low · Not includedModerate · Not includedHigh · Not included
Description
Invalidate session identifiers upon user logout or other session termination.
Discussion
Invalidating session identifiers at logout curtails the ability of adversaries to capture and continue to employ previously valid session IDs.
Implementation guidance
No content available.
CSF 2.0 crosswalk
No CSF mappings exist for this control.