Navigate

CCI-001189

CCI-001189 Definition

The organization defines randomness requirements for generating unique session identifiers.

Status
Type	CheckType.policy

Master Assessment Datasheet

Implementation Guidance

The organization being inspected/assessed defines and documents randomness requirements for generating unique session identifiers. DoD has determined the randomness requirements are not appropriate to define at the Enterprise level.

Validation Procedures

The organization conducting the inspection/assessment obtains and examines the documented randomness requirements to ensure the organization being inspected/assessed defines randomness requirements for generating unique session identifiers. DoD has determined the randomness requirements are not appropriate to define at the Enterprise level.

Compelling Evidence

1.) Signed and dated documentation that describes organization-defined randomness requirements for generating unique session identifiers.

Related Controls

The controls below (if any) were marked by NIST as being related to CCI-001189.

Control	Description
SC-23 (3)	The information system generates a unique session identifier for each session with [Assignment: organization-defined randomness requirements] and recognizes only session identifiers that are system-generated.