Description
Applicability
-
This Control applies to all Texas A&M information resources. The intended audience for this Control includes all owners and custodians of information resources.
Implementation
-
1
In addition to the re-authentication requirements associated with device locks (See AC-11), information resource owners may require re-authentication of individuals in certain situations, such as:
-
1.1
When roles, authenticators, or credentials change,
-
1.2
When security categories of systems change,
-
1.3
When the execution of privileged functions occurs, or
-
1.4
After a fixed time period.
-
1.1
-
2
The lifetime of browser cookies used for binding authenticated sessions to university information resources shall be limited to no more than five (5) days.