From 70c2a797724cc812712fcbee80444cf884f80857 Mon Sep 17 00:00:00 2001 From: Josh Grossman Date: Wed, 24 Jan 2024 11:28:04 +0200 Subject: [PATCH] Change to singular to resolve: https://github.com/OWASP/ASVS/pull/1819/files#r1458467542 --- 5.0/en/0x12-V3-Session-management.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/5.0/en/0x12-V3-Session-management.md b/5.0/en/0x12-V3-Session-management.md index 4a96127425..e0eb243aad 100644 --- a/5.0/en/0x12-V3-Session-management.md +++ b/5.0/en/0x12-V3-Session-management.md @@ -30,7 +30,7 @@ As previously noted, these requirements have been adapted to be a compliant subs TLS or another secure transport channel is mandatory for session management. This is covered in the Communications Security chapter. -## V3.3 Session Timeouts +## V3.3 Session Timeout Session timeouts have been aligned with NIST SP 800-63, which permits much longer session timeouts than traditionally permitted by security standards. Organizations should review the table below, and if a longer time out is desirable based on the application's risk, the NIST value should be the upper bounds of session idle timeouts.
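Review bot: The renamed heading `## V3.3 Session Timeout` in 5.0/en/0x12-V3-Session-management.md will also change any anchor a Markdown renderer derives from the heading text, so a cross-reference, table-of-contents entry or mapping file that still says "V3.3 Session Timeouts" would go stale. Search the rest of the 5.0 tree for the old title and update any hits in the same commit. Separately, the unchanged context paragraph directly under the heading writes "time out" as two words while using "timeout" everywhere else in the same sentence ("if a longer time out is desirable"). Since this change is about wording consistency in this section, that could be aligned here too. The subject line "Change to singular to resolve: ..." would also be easier to find in the log if it named the heading being changed.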