OWASP#2172 - inactivity timeout based on documentated decisions

elarlang · Oct 28, 2024 · a76d74b · a76d74b
1 parent 8cccc80
commit a76d74b
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/5.0/en/0x12-V3-Session-management.md b/5.0/en/0x12-V3-Session-management.md
@@ -43,7 +43,7 @@ L1 in this context is IAL1/AAL1, L2 is IAL2/AAL3, L3 is IAL3/AAL3. For both IAL2
 | **3.3.2** | [MODIFIED, SPLIT TO 3.3.5] Verify that there is an absolute maximum session lifetime such that re-authentication is enforced according to risk analysis and documented security decisions. | ✓ | ✓ | ✓ | | |
 | **3.3.3** | [MOVED TO 3.8.2] | | | | | |
 | **3.3.4** | [MOVED TO 3.8.3] | | | | | |
-| **3.3.5** | [ADDED, SPLIT FROM 3.3.2] Verify that re-authentication is required after 30 minutes of inactivity for L2 applications or after 15 minutes of inactivity for L3 applications. | | ✓ | ✓ | 613 | 7.2 |
+| **3.3.5** | [ADDED, SPLIT FROM 3.3.2] Verify that there is an inactivity timeout such that re-authentication is enforced according to risk analysis and documented security decisions. | ✓ | ✓ | ✓ | 613 | 7.2 |
 
 ## V3.4 Cookie-based Session Management