last sync: 2024-Jun-18 16:46:26 UTC

Invalidate session identifiers at logout | Regulatory Compliance - Operational

Azure BuiltIn Policy definition

Source Azure Portal
Display name Invalidate session identifiers at logout
Id 396f465d-375e-57de-58ba-021adb008191
Version 1.1.0
Details on versioning
Category Regulatory Compliance
Microsoft Learn
Description CMA_C1661 - Invalidate session identifiers at logout
Additional metadata Name/Id: CMA_C1661 / CMA_C1661
Category: Operational
Title: Invalidate session identifiers at logout
Ownership: Customer
Description: The customer is responsible for invalidating session identifiers at logout or other session termination.
Requirements: The customer is responsible for implementing this recommendation.
Mode All
Type BuiltIn
Preview False
Deprecated False
Effect Default
Manual
Allowed
Manual, Disabled
RBAC role(s) none
Rule aliases none
Rule resource types IF (1)
Microsoft.Resources/subscriptions
Compliance
The following 3 compliance controls are associated with this Policy definition 'Invalidate session identifiers at logout' (396f465d-375e-57de-58ba-021adb008191)
Control Domain Control Name MetadataId Category Title Owner Requirements Description Info Policy#
FedRAMP_High_R4 SC-23(1) FedRAMP_High_R4_SC-23(1) FedRAMP High SC-23 (1) System And Communications Protection Invalidate Session Identifiers At Logout Shared n/a The information system invalidates session identifiers upon user logout or other session termination. Supplemental Guidance: This control enhancement curtails the ability of adversaries from capturing and continuing to employ previously valid session IDs. link 1
NIST_SP_800-53_R4 SC-23(1) NIST_SP_800-53_R4_SC-23(1) NIST SP 800-53 Rev. 4 SC-23 (1) System And Communications Protection Invalidate Session Identifiers At Logout Shared n/a The information system invalidates session identifiers upon user logout or other session termination. Supplemental Guidance: This control enhancement curtails the ability of adversaries from capturing and continuing to employ previously valid session IDs. link 1
NIST_SP_800-53_R5 SC-23(1) NIST_SP_800-53_R5_SC-23(1) NIST SP 800-53 Rev. 5 SC-23 (1) System and Communications Protection Invalidate Session Identifiers at Logout Shared n/a Invalidate session identifiers upon user logout or other session termination. link 1
Initiatives usage
Initiative DisplayName Initiative Id Initiative Category State Type
FedRAMP High d5264498-16f4-418a-b659-fa7ef418175f Regulatory Compliance GA BuiltIn
NIST SP 800-53 Rev. 4 cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f Regulatory Compliance GA BuiltIn
NIST SP 800-53 Rev. 5 179d1daa-458f-4e47-8086-2a68d0d6c38f Regulatory Compliance GA BuiltIn
History
Date/Time (UTC ymd) (i) Change type Change detail
2022-09-27 16:35:32 change Minor (1.0.0 > 1.1.0)
2022-09-19 17:41:40 add 396f465d-375e-57de-58ba-021adb008191
JSON compare
compare mode: version left: version right:
JSON
api-version=2021-06-01
EPAC