CMMC 2.0 • LEVEL 2 • SYSTEM & COMMUNICATIONS PROTECTION

SC.L2-3.13.15Session Authenticity

Protecting session authenticity addresses communications protection at the session level, not at the packet level. Such protection establishes grounds for confidence at both ends of the communications sessions in the ongoing identities of other parties and the validity of the transmitted information. Authenticity protection includes protecting against adversary-in-the-middle attacks, session hijacking, and the insertion of false information into sessions.

NIST 800-171 Mapping

NIST 800-53 Controls

SC-28

Assessment Objectives

  • the authenticity of communications sessions is protected.

Practitioner Notes

Practitioner commentary coming soon.

Related CMMC 2.0 Practices

SC.L1-3.13.1 Boundary Protection SC.L2-3.13.2 Employ Architectural Designs, Software Development Techniques, and Systems Engineering Principles That Promote Effective Information Security SC.L2-3.13.3 Separate User Functionality from System Management Functionality SC.L2-3.13.4 Information in Shared System Resources