V2.7 — Out of Band Verifier
Out of Band Verifier: 6 L3 requirement(s). V2.7.1: Verify that clear text out of band (NIST "restricted") authenticators, such as SMS or PSTN, are not offered by default, ... V2.7.2: Verify that the out of band verifier expires out of band authentication requests, codes, or tokens after 10 minutes. V2.7.3: Verify that the out of band verifier authentication requests, codes, or tokens are only usable once, and only for the or... ... and 3 more.
| Property | Value |
|---|---|
| Section | V2.7 |
| Owner | platform |
Mapped Controls
| Control | Title |
|---|---|
| SID-ARCH-01 | Platform Architecture Non-Applicability Register |
Source: OWASP Application Security Verification Standard 4.0.3