This Control applies to all Texas A&M information resources. The intended audience for this Control includes all owners and custodians of information resources.

In addition to the re-authentication requirements associated with device locks (See AC-11), information resource owners may require re-authentication of individuals in certain situations, such as:

• 1.1

  When roles, authenticators, or credentials change,

• 1.2

  When security categories of systems change,

• 1.3

  When the execution of privileged functions occurs, or

• 1.4

  After a fixed time period.

The lifetime of browser cookies used for binding authenticated sessions to university information resources shall be limited to no more than five (5) days.