Re-authentication | IA-11

Description

Information Resources must require periodic reauthentication for users and devices in the following circumstances or situations:

  • Where feasible, re-authentication must occur:
    • When roles, authenticators, or credentials change.
    • When a privileged function occurs.
  • Browser cookies used for binding authenticated sessions to MCC-owned or managed information resources must expire in 5 days or less.
  • Workstations must be configured to automatically lock after 30 minutes of inactivity.
  • Multifactor authentication must be configured to force reauthentication every 30 days or less.

Last updated: 5/13/2026
