IA-11 RE-AUTHENTICATION

Page last updated:

PCF Compliance

This requirement is P0, and not required for FISMA moderate.

Access to all PCF platform functions is via tokens issued from UAA. Once issued, these tokens enable the user to establish a session at a specific PCF end point interface, such as a Web session with Apps Manager, or a CF CLI session from a command prompt. User session timeouts have default values, and these default values may be overridden by the deployer if and as needed. Upon session timeout, the user is required to initiate a new session.


Control Description

The organization requires users and devices to re-authenticate when [Assignment: organization-defined circumstances or situations requiring re-authentication].

Supplemental Guidance

In addition to the re-authentication requirements associated with session locks, organizations may require re-authentication of individuals and/or devices in other situations including, for example: (i) when authenticators change; (ii), when roles change; (iii) when security categories of information systems change; (iv), when the execution of privileged functions occurs; (v) after a fixed period of time; or (vi) periodically.