IA.L2-3.5.4—Replay-Resistant Authentication
Level 2
800-171: 3.5.4
Control Description
Employ replay-resistant authentication mechanisms for network access to privileged and non-privileged accounts.
Cross-Framework Mappings
Assessment Interview Topics
Questions assessors commonly ask
Process & Governance:
- What is your policy for implementing replay-resistant authentication?
- What technologies do you use to prevent authentication replay attacks?
- How do you verify that authentication mechanisms are replay-resistant?
- Who is responsible for selecting and approving replay-resistant authentication methods?
Technical Implementation:
- What authentication protocols provide replay resistance (Kerberos, challenge-response)?
- How do you implement nonces or timestamps to prevent replay?
- What mechanisms ensure authentication cannot be replayed?
- What cryptographic techniques provide replay resistance?
- How do you verify authentication is replay-resistant?
Evidence & Documentation:
- What authentication policy documentation can you provide?
- What password policy settings and configurations can you show?
- What MFA enrollment and usage reports demonstrate compliance?
- What account management documentation shows account lifecycle?
- What authentication logs demonstrate enforcement?
- What screenshots show authentication configurations?