What does Master Policy Rule 3 require?

Master Policy Rule 3 focuses on enforcing one-time password access as a security measure. This requirement aims to enhance the security of privileged accounts by ensuring that each authentication session uses a unique password that is generated and used only once. The use of one-time passwords significantly mitigates the risk of password theft or replay attacks since even if a password is intercepted, it cannot be reused. Implementing this rule promotes stronger authentication practices and aligns with the broader goal of reducing risks associated with compromised credentials in privileged access scenarios.

In contrast, the other options represent different security policies that may not directly relate to the stipulations of Master Policy Rule 3. Enforcing dual control approval, requiring periodic password changes, and enforcing session isolation are all important security practices within the CyberArk framework, but they address different aspects of privileged access management and do not specifically pertain to the requirement outlined in Rule 3.