Unauthorized users access operating systems by physically or logically accessing valid inactive and/or unattended sessions.
The information system protects the authenticity of communications sessions.
Users should use an individual ID to access information systems.
No statewide control
Obtain system and communications protection policy; procedures addressing session authenticity; NIST Special Publications 800-52, 800-77, and 800-95; information system design documentation; information system configuration settings and associated documentation; other relevant documents or records and ascertain if:
(I)the information system provides mechanisms to protect the authenticity of communications sessions.
