ASVS Requirement 7.1.1

• Level: 2
• Chapter: V7 Session Management
• Section: V7.1 Session Management Documentation
• Source: 0x16-V7-Session-Management.md

Description

Verify that the user's session inactivity timeout and absolute maximum session lifetime are documented, are appropriate in combination with other controls, and that the documentation includes justification for any deviations from NIST SP 800-63B re-authentication requirements.