3.13.15

Requirement

Protect the authenticity of communications sessions.

Discussion

Protecting session authenticity addresses communications protection at the session level, not at the packet level. Such protection establishes grounds for confidence at both ends of the communications sessions in the ongoing identities of other parties and the validity of the transmitted information. Authenticity protection includes protecting against adversary-in-the-middle attacks, session hijacking, and the insertion of false information into sessions.

NIST 800-171A r3 Assessment Guidance

Examine

[SELECT FROM: system and communications protection policy and procedures; procedures for session authenticity; system design documentation; system configuration settings; system audit records; system security plan; other relevant documents or records]
Interview

[SELECT FROM: mechanisms for supporting or implementing session authenticity]
Test

[SELECT FROM: personnel with information security responsibilities; system administrators]

CMMC Training

Our CMMC Overview Course simplifies CMMC. Enroll so you can make informed decisions!