Device Class 1: Re-authentication
Control ID: IA-11 Re-authentication | Family: Identification and Authentication | Source: NIST 800-53r4
Control: The organization requires users and devices to re-authenticate to obtain access to protected resources in the following situations: (i) when authenticators (e.g. enrolment certificate, pseudonym certificate, application certificate) change; (ii) when the service provider changes during an activity engaged with that service provider; (iii) when security categories of information systems change; (iv) when the execution of privileged functions occurs; (v) after a fixed period of time; and (vi) periodically.
Supplemental Guidance: In addition to the re-authentication requirements associated with session locks, organizations may require re-authentication of individuals and/or devices in other situations including, for example: (i) when authenticators change; (ii) when roles change; (iii) when security categories of information systems change; (iv) when the execution of privileged functions occurs; (v) after a fixed period of time; or (vi) periodically.
Related Controls: AC-11
Control Enhancements: N/A
References: N/A
Mechanisms:
Protocol Implementation Conformance Statements: