Skip to content

The Apache web server must generate a session ID long enough that it cannot be guessed through brute force.

An XCCDF Rule