Notify upcoming expiration dates
Summary
The system must notify users when their credentials are about to expire.
Description
This requirement specifies that users must be notified when their credentials are about to expire. This is a proactive security measure that promotes user awareness, encourages timely credential updates, and contributes to the overall security of the system. The notification should include clear instructions on how users can change or update their credentials.
Supported In
This requirement is verified in following services
| Plan | Supported |
|---|---|
| Essential | 🔴 |
| Advanced | 🟢 |
References
- CMMC-AC_L2-3_1_9. Privacy & security notices
- FedRAMP-SI-5. Security alerts, advisories, and directives
- ISA/IEC 62443-IAC-1_12. System use notification
- OWASP Top 10 Privacy Risks-P8. Missing or insufficient session expiration
Search for vulnerabilities in your apps for free with Fluid Attacks' automated security testing! Start your 21-day free trial and discover the benefits of the Continuous Hacking Essential plan. If you prefer the Advanced plan, which includes the expertise of Fluid Attacks' hacking team, fill out this contact form.