STIGhubSTIGhub
STIGsRMF ControlsCompare
STIGhub— A free STIG search and compliance tool·STIGs updated 3 days ago
Powered by Pylon·Privacy·Terms·© 2026 Beacon Cloud Solutions, Inc.
← All Controls

SC-23 (3)

System and Communications ProtectionRev 5system

Unique System-generated Session Identifiers

Control Statement

Generate a unique session identifier for each session with [Assignment: randomness requirements] and recognize only session identifiers that are system-generated.

Supplemental Guidance

Generating unique session identifiers curtails the ability of adversaries to reuse previously valid session IDs. Employing the concept of randomness in the generation of unique session identifiers protects against brute-force attacks to determine future session identifiers.

Related Controls (3)

AC-10SC-12SC-13

CCI Identifiers (4)

CCI-001187The information system generates a unique session identifier for each session.CCI-001189Defines randomness requirements for generating unique session identifiers.CCI-001188Generate a unique session identifier for each session with organization-defined randomness requirements.CCI-001664Recognize only session identifiers that are system-generated.

Linked STIG Checks (105)

Across 68 STIGs. Click to expand.