Skip to content

IA-11: Re-authentication

An OSCAL Control

Statement

    • Require users to re-authenticate when .

        • Guidance:

          The fixed time period cannot exceed the limits set in SP 800-63. At this writing they are:

          • AAL3 (high baseline)
            • 12 hours or
            • 15 minutes of inactivity