CMMC 2.0 • LEVEL 2 • IDENTIFICATION & AUTHENTICATION

IA.L2-3.5.4 Replay-Resistant Authentication

Authentication processes resist replay attacks if it is impractical to successfully authenticate by recording or replaying previous authentication messages. Replay-resistant techniques include protocols that use nonces or challenges, such as time synchronous or challenge-response one-time authenticators.
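The nonce-based challenge-response technique described above, as an added example that is not part of the control text or of any product's code. It assumes a pre-shared HMAC key per account and an in-memory nonce store; `ChallengeResponseVerifier`, `client_response` and `demo` are hypothetical names.

```python
import hashlib
import hmac
import secrets
import time


def client_response(key, account, nonce):
    """Client side: prove possession of the key for this one nonce."""
    return hmac.new(key, account.encode() + b"\x00" + nonce, hashlib.sha256).digest()


class ChallengeResponseVerifier:
    """Server side: issues single-use nonces and checks HMAC responses."""

    def __init__(self, shared_keys, ttl_seconds=30, clock=time.monotonic):
        self._keys = shared_keys   # account name -> secret key (bytes)
        self._ttl = ttl_seconds
        self._clock = clock
        self._pending = {}         # nonce -> (account, expiry time)

    def issue_challenge(self, account):
        nonce = secrets.token_bytes(16)
        self._pending[nonce] = (account, self._clock() + self._ttl)
        return nonce

    def verify(self, account, nonce, response):
        # pop() consumes the nonce whether or not the check succeeds, so a
        # recorded (nonce, response) pair can never be presented twice.
        owner, expiry = self._pending.pop(nonce, (None, 0.0))
        key = self._keys.get(account)
        if owner != account or key is None or self._clock() > expiry:
            return False
        return hmac.compare_digest(client_response(key, account, nonce), response)


def demo():
    key = secrets.token_bytes(32)                    # constructed sample key
    server = ChallengeResponseVerifier({"admin": key})
    nonce = server.issue_challenge("admin")
    recorded = client_response(key, "admin", nonce)  # what an eavesdropper captures
    first = server.verify("admin", nonce, recorded)          # legitimate login
    same_nonce = server.verify("admin", nonce, recorded)     # replay, nonce spent
    fresh = server.issue_challenge("admin")
    new_nonce = server.verify("admin", fresh, recorded)      # replay, wrong nonce
    return first, same_nonce, new_nonce


if __name__ == "__main__":
    print(demo())
```

The recorded response is accepted once and rejected on both replays: against the spent nonce and against a freshly issued one.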

NIST 800-171 Mapping

NIST 800-53 Controls

Assessment Objectives

  • replay-resistant authentication mechanisms for access to privileged accounts are implemented.
  • replay-resistant authentication mechanisms for access to non-privileged accounts are implemented.

Practitioner Notes

Practitioner commentary coming soon.