ASVS icon indicating copy to clipboard operation
ASVS copied to clipboard

Published 20 hours ago verified publisher icon OWASP

2.3.3

Open jmanico opened this issue 3 years ago • 3 comments

2.3.3 is not clear in terms of what we need to review for it. Please add more clarify to this requirement!!

jmanico avatar Feb 02 '22 09:02 jmanico

Currently:

2.3.3

Verify that renewal instructions are sent with sufficient time to renew time bound authenticators.

I would change to:

Verify that automated reminders are configured and acted on to ensure that renewal instructions for time-bound authenticators are sent with enough time to be carried out before the old authenticator expires.

Thoughts?

tghosth avatar Jun 22 '22 15:06 tghosth

See 2.3.3 (ASVS March 2019) Is unclear · Issue #628 · OWASP/ASVS

Sjord avatar Aug 13 '22 20:08 Sjord

Good spot, so I think it is like I said.

@jmanico do you approve of the following clarification?

Verify that automated reminders are configured and acted on to ensure that renewal instructions for time-bound authenticators are sent with enough time to be carried out before the old authenticator expires.

tghosth avatar Sep 13 '22 17:09 tghosth

@set-reminder 1 week work on this

tghosth avatar Dec 07 '22 17:12 tghosth

Reminder Wednesday, December 14, 2022 12:00 AM (GMT+01:00)

work on this

octo-reminder[bot] avatar Dec 07 '22 17:12 octo-reminder[bot]

🔔 @tghosth

work on this

octo-reminder[bot] avatar Dec 13 '22 23:12 octo-reminder[bot]