Fluid Attacks logo
Login
Contact Us
Young hacker smiling
Zero false positives

Expert intelligence + effective automation

Contact logo Contact Us
GET A DEMO

REQ.085 Allow session history queries

This document contains the details of the security requirements related to the definition and management of logs in the organization. This requirement establishes the importance of allowing authorized users to query and inspect their own session history.

Requirement

The system must allow authorized users to inspect their own session history.

Description

Systems usually collect personal and transactional data from their users. Users should have control of their own data and, as such, should be allowed to query and inspect whatever information the system has collected from them, including their session history.

References

  1. HIPAA Security Rules 164.308(a)(1)(ii)(D): Information System Activity Review: Implement procedures to regularly review records of information system activity, such as audit logs, access reports, and security incident tracking reports.

  2. GDPR. Recital 7: The Framework is Based on Control and Certainty. Natural persons should have control of their own personal data.


Twitter logo Facebook logo LinkedIn logo YouTube logo

About Us

Values
Events
People
Partners
Location
Contact Us
Reviews

Services

One-Shot Hacking
Continuous Hacking
Differentiators
Comparative
Certifications
FAQ
Attacks

Products

Integrates
Asserts
Rules

Blog

Subscribe
Categories
Tags
Authors
Topics
Style
Format

Careers

Community
Reasons
Openings
Terms
Knowledge Test
Challenges
Immersion
FAQ
Service status - Terms of Use