IA-11: Re-authentication

Statement

• Require users to re-authenticate when circumstances or situations .

  • • Guidance:

      The fixed time period cannot exceed the limits set in SP 800-63. At this writing they are:

      • AAL3 (high baseline)
        • 12 hours or
        • 15 minutes of inactivity