
IA-2(8) Identification And Authentication (Organizational Users)

PBMM (P2)
Secret (P2)
Technical

>Control Description

IDENTIFICATION AND AUTHENTICATION | NETWORK ACCESS TO PRIVILEGED ACCOUNTS - REPLAY RESISTANT

The information system implements replay-resistant authentication mechanisms for network access to privileged accounts.

>Supplemental Guidance

Authentication processes resist replay attacks if it is impractical to achieve successful authentications by replaying previous authentication messages. Replay-resistant techniques include, for example, protocols that use nonces or challenges such as Transport Layer Security (TLS) and time synchronous or challenge-response one-time authenticators.

>Tailoring Guidance

This security control/enhancement can be met using readily available Commercial-Off-The-Shelf (COTS) components. Consequently, inclusion in a departmental profile is strongly encouraged in most cases. The vast majority of authentication mechanisms presently available from vendors are replay-resistant.

Consequently, an organization should make every effort to use one of these.

>Profile-Specific Parameters

replay [Authorizer-defined replay mechanisms]
