IA-11: Re-authentication

An OSCAL Control

Statement

    • Require users to re-authenticate when .

        • Guidance:

          The fixed time period cannot exceed the limits set in SP 800-63. At this writing they are:

          • AAL1 (low baseline)
            • 30 days of extended session
            • No limit on inactivity