AzPolicyAdvertizer

last sync: 2025-Nov-03 18:22:57 UTC

Invalidate session identifiers at logout | Regulatory Compliance - Operational

Azure BuiltIn Policy definition

Source

Azure Portal

Display name

Invalidate session identifiers at logout

396f465d-375e-57de-58ba-021adb008191

Version

1.1.0
Details on versioning

Versioning

Versions supported for Versioning: 1
1.1.0
Built-in Versioning [Preview]

Category

Regulatory Compliance
Microsoft Learn

Description

CMA_C1661 - Invalidate session identifiers at logout

Cloud environments

AzureCloud = true
AzureUSGovernment = unknown
AzureChinaCloud = unknown

Available in AzUSGov

Unknown, no evidence if Policy definition is/not available in AzureUSGovernment

Additional metadata

Name/Id: CMA_C1661 / CMA_C1661
Category: Operational
Title: Invalidate session identifiers at logout
Ownership: Customer
Description: The customer is responsible for invalidating session identifiers at logout or other session termination.
Requirements: The customer is responsible for implementing this recommendation.

Mode

All

Type

BuiltIn

Preview

False

Deprecated

False

Effect

Default
Manual
Allowed
Manual, Disabled

RBAC role(s)

none

Rule aliases

none

Rule resource types

IF (1)

Microsoft.Resources/subscriptions

Compliance

The following 3 compliance controls are associated with this Policy definition 'Invalidate session identifiers at logout' (396f465d-375e-57de-58ba-021adb008191)

Control Domain	Control	Name	MetadataId	Category	Title	Owner	Requirements	Description	Info	Policy#
FedRAMP_High_R4	SC-23(1)	FedRAMP_High_R4_SC-23(1)	FedRAMP High SC-23 (1)	System And Communications Protection	Invalidate Session Identifiers At Logout	Shared	n/a	The information system invalidates session identifiers upon user logout or other session termination. Supplemental Guidance: This control enhancement curtails the ability of adversaries from capturing and continuing to employ previously valid session IDs.	link	1
NIST_SP_800-53_R4	SC-23(1)	NIST_SP_800-53_R4_SC-23(1)	NIST SP 800-53 Rev. 4 SC-23 (1)	System And Communications Protection	Invalidate Session Identifiers At Logout	Shared	n/a	The information system invalidates session identifiers upon user logout or other session termination. Supplemental Guidance: This control enhancement curtails the ability of adversaries from capturing and continuing to employ previously valid session IDs.	link	1
NIST_SP_800-53_R5	SC-23(1)	NIST_SP_800-53_R5_SC-23(1)	NIST SP 800-53 Rev. 5 SC-23 (1)	System and Communications Protection	Invalidate Session Identifiers at Logout	Shared	n/a	Invalidate session identifiers upon user logout or other session termination.	link	1

Initiatives usage

Initiative DisplayName	Initiative Id	Initiative Category	State	Type	polSet in AzUSGov
FedRAMP High	d5264498-16f4-418a-b659-fa7ef418175f	Regulatory Compliance	GA	BuiltIn	true
NIST SP 800-53 Rev. 4	cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f	Regulatory Compliance	GA	BuiltIn	true
NIST SP 800-53 Rev. 5	179d1daa-458f-4e47-8086-2a68d0d6c38f	Regulatory Compliance	GA	BuiltIn	true

History

Date/Time (UTC ymd) (i)	Change type	Change detail
2022-09-27 16:35:32	change	Minor (1.0.0 > 1.1.0)
2022-09-19 17:41:40	add	396f465d-375e-57de-58ba-021adb008191

JSON compare

compare mode: version left: version right:

JSON

api-version=2021-06-01
EPAC