SC-23(3)

Unique System-generated Session Identifiers

System and Communications Protection (SC)
Baselines
Low · Not included
Moderate · Not included
High · Not included
Description

Generate a unique session identifier for each session with [assignment] and recognize only session identifiers that are system-generated.

Discussion

Generating unique session identifiers curtails the ability of adversaries to reuse previously valid session IDs. Employing the concept of randomness in the generation of unique session identifiers protects against brute-force attacks to determine future session identifiers.
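One way to meet both halves of the control, shown as an added example that is not part of the NIST catalog text: identifiers come from the operating system's CSPRNG, and only identifiers present in the server-side registry are recognized. The class name, the 32-byte identifier size, the 15-minute lifetime and the `rotate` step on privilege change are assumptions of this sketch, not requirements stated by the control.

```python
import secrets
import time

SESSION_ID_BYTES = 32      # assumption: 256 bits of CSPRNG output per identifier
SESSION_TTL_SECONDS = 900  # assumption: 15-minute lifetime, not set by the control


class SessionStore:
    """Server-side registry: only identifiers issued here are ever recognized."""

    def __init__(self, clock=time.monotonic):
        self._sessions = {}   # session id -> (user, expiry)
        self._clock = clock

    def create(self, user):
        # Draw from the OS CSPRNG; retry on the (negligible) chance of a collision
        # so every live session has a unique identifier.
        while True:
            sid = secrets.token_urlsafe(SESSION_ID_BYTES)
            if sid not in self._sessions:
                break
        self._sessions[sid] = (user, self._clock() + SESSION_TTL_SECONDS)
        return sid

    def lookup(self, presented_id):
        # A client-supplied value is never adopted as a new session: anything not
        # issued by create(), or already expired or invalidated, yields None.
        entry = self._sessions.get(presented_id)
        if entry is None:
            return None
        user, expiry = entry
        if self._clock() >= expiry:
            del self._sessions[presented_id]
            return None
        return user

    def invalidate(self, sid):
        # Logout: the identifier stops being recognized and cannot be reused.
        self._sessions.pop(sid, None)

    def rotate(self, old_sid):
        # Privilege change (e.g. login): issue a fresh identifier, retire the old.
        user = self.lookup(old_sid)
        if user is None:
            return None
        self.invalidate(old_sid)
        return self.create(user)
```

The point to check in a review is the `lookup` path: a request carrying an unknown identifier must be treated as unauthenticated, never used to create a session under that value.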

Implementation guidance

No content available.

CSF 2.0 crosswalk

No CSF mappings exist for this control.