3.3.2 Re-authentication occurs periodicallyΒΆ
If authenticators permit users to remain logged in, verify that re-authentication occurs periodically both when actively used or after an idle period. (C6)
| Level 1 | 30 days |
| Level 2 | 12 hours or 30 minutes of inactivity, 2FA optional |
| Level 3 | 12 hours or 15 minutes of inactivity, with 2FA |
| CWE | NIST |
|---|---|
| 613 | 7.2 |