3.5.4

Requirement

Implement replay-resistant authentication mechanisms for access to privileged and non-privileged accounts.

Discussion

Authentication processes resist replay attacks if it is impractical to successfully authenticate by recording or replaying previous authentication messages. Replay-resistant techniques include protocols that use nonces or challenges, such as time synchronous or challenge-response one-time authenticators.

NIST 800-171A r3 Assessment Guidance

Examine

[SELECT FROM: identification and authentication policy and procedures; system design documentation; system audit records; system configuration settings; list of privileged system accounts; system security plan; other relevant documents or records]
Interview

[SELECT FROM: mechanisms for supporting or implementing identification and authentication capabilities; mechanisms for supporting or implementing replay-resistance]
Test

[SELECT FROM: personnel with system operations responsibilities; personnel with account management responsibilities; personnel with information security responsibilities; system developers; system administrators]

ID	Assessment Objectives
A.03.05.04[01]	replay-resistant authentication mechanisms for access to privileged accounts are implemented.
A.03.05.04[02]	replay-resistant authentication mechanisms for access to non-privileged accounts are implemented.

Our CMMC Overview Course simplifies CMMC. Enroll so you can make informed decisions!