Description

The capability for information resources to uniquely identify and re-authenticate university faculty, staff, students, and other approved users.

Applicability

  • This Control applies to all Texas A&M information resources. The intended audience for this Control includes all owners and custodians of information resources.

Implementation

  • 1

    In addition to the re-authentication requirements associated with device locks (See AC-11), information resource owners may require re-authentication of individuals in certain situations, such as:

    • 1.1

      When roles, authenticators, or credentials change,

    • 1.2

      When security categories of systems change,

    • 1.3

      When the execution of privileged functions occurs, or

    • 1.4

      After a fixed time period.

  • 2

    The lifetime of browser cookies used for binding authenticated sessions to university information resources shall be limited to no more than five (5) days.