SC-23 (1)
SC-23 (1): Invalidate Session Identifiers At Logout
The information system invalidates session identifiers upon user logout or other session termination.
Supplemental
This control enhancement curtails the ability of adversaries from capturing and continuing to employ previously valid session IDs.
| CIA Levels | |
|---|---|
| Confidentiality | unknown |
| Integrity | low |
| Availability | unknown |
| Overlays |
|---|
| None |