IA-11-727 Re-authentication


Identification and Authentication
February 13, 2018

Individuals and devices accessing Agency-owned enterprise information resources over an active session shall re-authenticate the primary authenticator against the enterprise directory at least daily. Workstations not connected to a domain controller shall require the user to re-authenticate every 14 days. The second factor of a two-factor authenticator shall be re-authenticated at least every 30 days.

Authentication may become stale, allowing a no longer authenticated user access
The organization requires users and devices to re-authenticate when [Assignment: organization-defined circumstances or situations requiring re-authentication].
Organization may require re-authentication of individuals and/or devices: a. when authenticators change; b. when roles change; c. when security categories of information systems change; d. when the execution of privileged functions occurs; e. after a fixed period of time; or f. periodically.
No statewide control