Skip to main content

💼 SC-23(3) Session Authenticity | Unique System-generated Session Identifiers

  • Contextual name: 💼 SC-23(3) Session Authenticity | Unique System-generated Session Identifiers
  • ID: /frameworks/nist-sp-800-53-r5/sc/23/03
  • Located in: 💼 SC-23 Session Authenticity

Description

Generate a unique session identifier for each session with [Assignment: organization-defined randomness requirements] and recognize only session identifiers that are system-generated.

Similar

  • Sections
    • /frameworks/aws-fsbp-v1.0.0/api-gateway/02
    • /frameworks/aws-fsbp-v1.0.0/cloudfront/03
    • /frameworks/aws-fsbp-v1.0.0/cloudfront/07
    • /frameworks/aws-fsbp-v1.0.0/cloudfront/08
    • /frameworks/aws-fsbp-v1.0.0/dms/09
    • /frameworks/aws-fsbp-v1.0.0/elasticache/05
    • /frameworks/aws-fsbp-v1.0.0/elb/01
    • /frameworks/aws-fsbp-v1.0.0/elb/03
    • /frameworks/aws-fsbp-v1.0.0/elb/08
    • /frameworks/aws-fsbp-v1.0.0/elb/17
    • /frameworks/aws-fsbp-v1.0.0/emr/04
    • /frameworks/aws-fsbp-v1.0.0/es/03
    • /frameworks/aws-fsbp-v1.0.0/es/08
    • /frameworks/aws-fsbp-v1.0.0/msk/01
    • /frameworks/aws-fsbp-v1.0.0/opensearch/03
    • /frameworks/aws-fsbp-v1.0.0/opensearch/08
    • /frameworks/aws-fsbp-v1.0.0/redshift/02
    • /frameworks/aws-fsbp-v1.0.0/s3/05
  • Internal
    • ID: dec-c-0e88869e

Similar Sections (Take Policies From)

SectionSub SectionsInternal RulesPoliciesFlags
💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [APIGateway.2] API Gateway REST API stages should be configured to use SSL certificates for backend authentication"11
💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [CloudFront.3] CloudFront distributions should require encryption in transit11
💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [CloudFront.7] CloudFront distributions should use custom SSL/TLS certificates11
💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [CloudFront.8] CloudFront distributions should use SNI to serve HTTPS requests11
💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [DMS.9] DMS endpoints should use SSL11
💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [ElastiCache.5] ElastiCache replication groups should be encrypted in transit
💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [ELB.1] Application Load Balancer should be configured to redirect all HTTP requests to HTTPS
💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [ELB.3] Classic Load Balancer listeners should be configured with HTTPS or TLS termination
💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [ELB.8] Classic Load Balancers with SSL listeners should use a predefined security policy that has strong AWS Configuration
💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [ELB.17] Application and Network Load Balancers with listeners should use recommended security policies
💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [EMR.4] Amazon EMR security configurations should be encrypted in transit
💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [ES.3] Elasticsearch domains should encrypt data sent between nodes
💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [ES.8] Connections to Elasticsearch domains should be encrypted using the latest TLS security policy
💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [MSK.1] MSK clusters should be encrypted in transit among broker nodes
💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [Opensearch.3] OpenSearch domains should encrypt data sent between nodes
💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [Opensearch.8] Connections to OpenSearch domains should be encrypted using the latest TLS security policy
💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [Redshift.2] Connections to Amazon Redshift clusters should be encrypted in transit
💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [S3.5] S3 general purpose buckets should require requests to use SSL11

Sub Sections

SectionSub SectionsInternal RulesPoliciesFlags

Policies (6)

PolicyLogic CountFlags
📝 AWS API Gateway REST API Stage is not configured to use an SSL certificate for authentication 🟢1🟢 x6
📝 AWS CloudFront Web Distribution Cache Behaviors allow unencrypted traffic 🟢1🟢 x6
📝 AWS CloudFront Web Distribution uses default SSL/TLS certificate 🟢1🟢 x6
📝 AWS CloudFront Web Distribution uses Dedicated IP for SSL 🟢1🟢 x6
📝 AWS DMS Endpoint doesn't use SSL 🟢1🟢 x6
📝 AWS S3 Bucket Policy is not set to deny HTTP requests 🟢1🟢 x6