NIST-800-53-IA-2 (8)

Identification and Authentication (Organizational Users) | Network Access to Privileged Accounts - Replay Resistant


Access keys and user accounts can be revoked using IAM. Sessions terminate after 10 minutes.

The Identification and Authentication Policy for 18F implements UAA, which uses session tokens and CSRF prevention to resist replay attacks.

Covered By:

User Account and Authentication (UAA) Server: enforces a limit of 5 consecutive invalid logon attempts by a user during a 15-minute period; automatically locks the account/node for 20 minutes when the maximum number of unsuccessful attempts is exceeded. Account log out is set to 15 minutes of inactivity.
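The lockout and idle-logout parameters above (5 failures in 15 minutes, 20-minute lock, 15-minute inactivity logout) can be checked against a small reference model. The following is an added illustration written for this page; it is not UAA's code and does not reflect how UAA stores state. It assumes a sliding 15-minute window for counting failures, that the fifth consecutive failure inside the window triggers the lock, that a successful logon clears the failure count, and that any request touching a session refreshes its idle timer.

```python
from collections import deque
from dataclasses import dataclass, field
from typing import Deque, Dict, Optional

# Parameters as stated in the control text above.
MAX_ATTEMPTS = 5               # consecutive invalid logon attempts allowed in the window
WINDOW_SECONDS = 15 * 60       # period over which failures are counted
LOCK_SECONDS = 20 * 60         # lock duration once the limit is hit
IDLE_LOGOUT_SECONDS = 15 * 60  # inactivity timeout for an authenticated session


@dataclass
class AccountState:
    failures: Deque[float] = field(default_factory=deque)  # timestamps of recent failed attempts
    locked_until: float = 0.0                              # epoch seconds; 0 means not locked
    last_activity: Optional[float] = None                  # None means no active session


class LockoutPolicy:
    """Reference model (assumption, not UAA's implementation) of the lockout
    and inactivity rules. All times are epoch seconds passed in by the caller
    so the behaviour is deterministic and testable."""

    def __init__(self) -> None:
        self.accounts: Dict[str, AccountState] = {}

    def _state(self, user: str) -> AccountState:
        return self.accounts.setdefault(user, AccountState())

    def is_locked(self, user: str, now: float) -> bool:
        st = self._state(user)
        if st.locked_until and now >= st.locked_until:
            # Lock has expired: clear it and discard the old failure history.
            st.locked_until = 0.0
            st.failures.clear()
        return st.locked_until > now

    def record_attempt(self, user: str, success: bool, now: float) -> str:
        """Return 'locked', 'ok' or 'failed' for one logon attempt.
        A correct password presented while locked is still rejected."""
        st = self._state(user)
        if self.is_locked(user, now):
            return "locked"
        if success:
            st.failures.clear()        # assumption: success resets the consecutive-failure count
            st.last_activity = now     # a session starts now
            return "ok"
        st.failures.append(now)
        # Sliding window (assumption): forget failures older than WINDOW_SECONDS.
        while st.failures and now - st.failures[0] > WINDOW_SECONDS:
            st.failures.popleft()
        if len(st.failures) >= MAX_ATTEMPTS:
            st.locked_until = now + LOCK_SECONDS
            return "locked"
        return "failed"

    def session_active(self, user: str, now: float) -> bool:
        """True if the user's session is still live; expires it after
        IDLE_LOGOUT_SECONDS without activity. Calling this counts as activity."""
        st = self._state(user)
        if st.last_activity is None:
            return False
        if now - st.last_activity > IDLE_LOGOUT_SECONDS:
            st.last_activity = None  # idle timeout reached: session is logged out
            return False
        st.last_activity = now
        return True
```

Driving the model with a few constructed timestamps shows the edge cases a reviewer of this control wants to see: the lock is enforced even for a correct password, it releases exactly after 20 minutes, failures spread out beyond the 15-minute window do not accumulate, and a session that sits idle past 15 minutes is logged out on its next use.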

