
IA-02(08) Identification and Authentication (Organizational Users) | Access to Accounts — Replay Resistant

Low
Moderate

Control Description

Implement replay-resistant authentication mechanisms for access to [Selection (one or more): privileged accounts; non-privileged accounts].

Discussion

Authentication processes resist replay attacks if it is impractical to achieve successful authentications by replaying previous authentication messages. Replay-resistant techniques include protocols that use nonces or challenges such as time synchronous or cryptographic authenticators.
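
The nonce-based approach named in the discussion, as an added example that is not part of the control text: the verifier issues a single-use random challenge and accepts an HMAC-SHA-256 response to it only once and only within a validity window. The class and function names, the 30-second window and the sample key are assumptions made for the illustration.

```python
import hashlib
import hmac
import secrets
import time

CHALLENGE_TTL = 30  # seconds a challenge stays valid (assumed value)


class ChallengeVerifier:
    """Verifier side: issues single-use nonces and checks HMAC responses."""

    def __init__(self, user_keys):
        self._keys = user_keys  # user -> shared secret (bytes)
        self._pending = {}      # nonce -> (user, expiry time)

    def issue_challenge(self, user, now=None):
        now = time.time() if now is None else now
        nonce = secrets.token_bytes(16)
        self._pending[nonce] = (user, now + CHALLENGE_TTL)
        return nonce

    def verify(self, user, nonce, response, now=None):
        now = time.time() if now is None else now
        # pop() consumes the nonce, so a second use finds nothing and fails.
        issued_to, expiry = self._pending.pop(nonce, (None, 0.0))
        key = self._keys.get(user)
        if key is None or issued_to != user or now > expiry:
            return False
        expected = hmac.new(key, nonce, hashlib.sha256).digest()
        return hmac.compare_digest(expected, response)


def respond(key, nonce):
    """Claimant side: prove possession of the key for this nonce only."""
    return hmac.new(key, nonce, hashlib.sha256).digest()


def demo():
    key = secrets.token_bytes(32)  # constructed sample secret
    server = ChallengeVerifier({"alice": key})
    n1 = server.issue_challenge("alice", now=1000.0)
    captured = respond(key, n1)    # the message a replay would resend
    first = server.verify("alice", n1, captured, now=1001.0)
    same_nonce = server.verify("alice", n1, captured, now=1002.0)
    n2 = server.issue_challenge("alice", now=1003.0)
    new_nonce = server.verify("alice", n2, captured, now=1004.0)
    n3 = server.issue_challenge("alice", now=1005.0)
    late = server.verify("alice", n3, respond(key, n3), now=1005.0 + CHALLENGE_TTL + 1)
    return first, same_nonce, new_nonce, late
```

`demo()` returns one flag per attempt: the fresh response is accepted, while the same message resent against the consumed nonce, resent against a new nonce, or answered after the window has closed is rejected.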
