3.5.4

Requirement

Employ replay-resistant authentication mechanisms for network access to privileged and non-privileged accounts.

Discussion

Authentication processes resist replay attacks if it is impractical to successfully authenticate by recording or replaying previous authentication messages. Replay-resistant techniques include protocols that use nonces or challenges such as time synchronous or challenge-response one-time authenticators. [SP 800-63-3] provides guidance on digital identities.

NIST 800-171A Assessment Guidance

Examine

[SELECT FROM: Identification and authentication policy; procedures addressing user identification and authentication; security plan; system design documentation; system configuration settings and associated documentation; system audit logs and records; list of privileged system accounts; other relevant documents or records].
Interview

[SELECT FROM: Personnel with system operations responsibilities; personnel with account management responsibilities; personnel with information security responsibilities; system or network administrators; system developers].
Test

[SELECT FROM: Mechanisms supporting or implementing identification and authentication capability or replay resistant authentication mechanisms].

ID	Assessment Objectives
3.5.4[a]	Replay-resistant authentication mechanisms are implemented for all network account access to privileged and non-privileged accounts.

Our CMMC Overview Course simplifies CMMC. Enroll so you can make informed decisions!