CUI

Documentation - V-222443

V-222443

Application Security and Development Security Technical Implementation Guide

CAT II

Title

The application must provide audit record generation capability for the renewal of session IDs.

Description

Application design sometimes requires the renewal of session IDs in order to continue approved user access to the application. Session renewal is done on a case-by-case basis under circumstances defined by the application architecture. The following are some examples of when session renewal must be done: whenever there is a change in user privilege, such as transitioning from a user to an admin role; when a user changes from an anonymous user to an authenticated user; or when a ...

Fix Text (Documentation Requirement)

Design or reconfigure the application to log session renewal events on those application events that change the user's privileges or permissions to the application.
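One way to generate the audit record at the point of renewal, shown as an added example that is not part of the STIG text. The names `SessionStore`, `renew`, `sid_ref`, the logger name `app.audit` and the record fields are all assumptions; the record carries a hash of each session ID rather than the ID itself.

```python
import hashlib
import json
import logging
import secrets
from datetime import datetime, timezone

audit_log = logging.getLogger("app.audit")  # assumed audit logger name


def sid_ref(sid):
    # Record a truncated SHA-256 of the session ID, never the ID itself,
    # so the audit trail cannot be replayed as a credential.
    return hashlib.sha256(sid.encode()).hexdigest()[:16]


class SessionStore:
    def __init__(self):
        self._sessions = {}  # session ID -> {"user": ..., "role": ...}

    def create(self, user="anonymous", role="anonymous"):
        sid = secrets.token_urlsafe(32)
        self._sessions[sid] = {"user": user, "role": role}
        return sid

    def is_valid(self, sid):
        return sid in self._sessions

    def renew(self, old_sid, user, new_role, reason):
        """Swap the session ID on a privilege change and emit an audit record."""
        state = self._sessions.pop(old_sid)  # KeyError if unknown; old ID invalid from here
        new_sid = secrets.token_urlsafe(32)
        self._sessions[new_sid] = {"user": user, "role": new_role}
        record = {
            "event": "session_id_renewed",
            "time": datetime.now(timezone.utc).isoformat(),
            "user": user,
            "reason": reason,
            "old_role": state["role"],
            "new_role": new_role,
            "old_session_ref": sid_ref(old_sid),
            "new_session_ref": sid_ref(new_sid),
        }
        audit_log.info(json.dumps(record))
        return new_sid, record


if __name__ == "__main__":
    logging.basicConfig(level=logging.INFO, format="%(message)s")
    store = SessionStore()
    sid, _ = store.renew(store.create(), "alice", "user", "login")
    store.renew(sid, "alice", "admin", "role_elevation")
```

Because the old and new references appear in the same record, a reviewer can follow one user's activity across the ID change without the log ever holding a usable session token.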
