SC-23(03) Unique System-generated Session Identifiers
Generate a unique session identifier for each session with sc-23.03_odp and recognize only session identifiers that are system-generated.
Parameter ID | Definition |
---|---|
sc-23.03_odp | randomness requirements |
Baselines
- L
- M
- H
- P
Guidance
Generating unique session identifiers curtails the ability of adversaries to reuse previously valid session IDs. Employing the concept of randomness in the generation of unique session identifiers protects against brute-force attacks to determine future session identifiers.
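The two requirements of this control, shown as an added example that is not part of the control text: identifiers come only from the operating system CSPRNG, and an identifier the system did not issue is never adopted. `SessionStore` and its methods are hypothetical names; the 32-byte length and 900-second lifetime are assumed values standing in for sc-23.03_odp.

```python
import secrets
import time

ID_BYTES = 32      # assumed randomness requirement: 256 bits from the OS CSPRNG
SESSION_TTL = 900  # assumed session lifetime in seconds


class SessionStore:
    """Hypothetical in-memory store; only identifiers issued here are recognized."""

    def __init__(self):
        self._sessions = {}  # session_id -> (user, expires_at)

    def issue(self, user, now=None):
        now = time.time() if now is None else now
        sid = secrets.token_urlsafe(ID_BYTES)
        while sid in self._sessions:  # enforce uniqueness among live sessions
            sid = secrets.token_urlsafe(ID_BYTES)
        self._sessions[sid] = (user, now + SESSION_TTL)
        return sid

    def lookup(self, presented_id, now=None):
        """Return the user for a system-generated, unexpired identifier, else None."""
        now = time.time() if now is None else now
        if not isinstance(presented_id, str):
            return None
        entry = self._sessions.get(presented_id)
        if entry is None:
            return None  # client-supplied or guessed value: rejected, never created
        user, expires_at = entry
        if now >= expires_at:
            del self._sessions[presented_id]  # expired IDs cannot be reused
            return None
        return user

    def login(self, user, presented_id=None, now=None):
        """On authentication, drop whatever the client presented and issue a fresh ID."""
        if isinstance(presented_id, str):
            self._sessions.pop(presented_id, None)
        return self.issue(user, now)

    def logout(self, sid):
        self._sessions.pop(sid, None)  # invalidate so the ID cannot be replayed
```

Issuing a new identifier at login, rather than promoting the one the client presented, is what keeps a pre-set identifier from ever becoming an authenticated session.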
Related controls
- AC-10 Concurrent Session Control L M H P
- SC-12 Cryptographic Key Establishment and Management L M H P
- SC-13 Cryptographic Protection L M H P