You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
@@ -27,6 +27,7 @@ As previously noted, these requirements have been adapted to be a compliant subs
|**3.2.2**|[MODIFIED] Verify that opaque session tokens possess at least 128 bits of entropy. | ✓ | ✓ | ✓ | 331 | 7.1 |
|**3.2.3**|[DELETED, MERGED TO 8.2.2]||||||
|**3.2.4**|[MODIFIED] Verify that opaque session tokens are generated using a secure random function. || ✓ | ✓ | 330 | 7.1 |
|**3.2.5**|[ADDED] Verify that creating a session for the application requires the user's consent and that the application is protected against a CSRF-style attack where a new application session for the user is created via SSO without user interaction. || ✓ | ✓ |||
TLS or another secure transport channel is mandatory for session management. This is covered in the Communications Security chapter.
