3.5.4: Employ replay-resistant authentication mechanisms for network access to privileged and non-privileged accounts
Control Family:
Control Type: Derived
CSF v1.1 References:
Discussion
Authentication processes resist replay attacks if it is impractical to successfully authenticate by recording or replaying previous authentication messages. Replay-resistant techniques include protocols that use nonces or challenges such as time synchronous or challenge-response one-time authenticators.
[SP 800-63-3] provides guidance on digital identities.
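The nonce-based challenge-response technique named in the discussion, as an added example that is not part of the control text: a verifier issues a single-use random challenge, the claimant answers with an HMAC over it, and a recorded response fails when replayed. The class and function names, the 30-second lifetime, and the shared key are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import time

CHALLENGE_TTL = 30  # seconds a challenge stays valid (assumed value)


class Verifier:
    """Server side: issues single-use challenges and checks responses."""

    def __init__(self, shared_key: bytes):
        self._key = shared_key
        self._pending = {}  # nonce -> expiry time

    def issue_challenge(self, now=None) -> bytes:
        now = time.monotonic() if now is None else now
        nonce = secrets.token_bytes(16)  # unpredictable, never reused
        self._pending[nonce] = now + CHALLENGE_TTL
        return nonce

    def verify(self, nonce: bytes, response: bytes, now=None) -> bool:
        now = time.monotonic() if now is None else now
        # pop() consumes the nonce on every attempt, so it can be used once only
        expiry = self._pending.pop(nonce, None)
        if expiry is None or now > expiry:
            return False  # unknown, already used, or expired challenge
        expected = hmac.new(self._key, nonce, hashlib.sha256).digest()
        return hmac.compare_digest(expected, response)


def respond(shared_key: bytes, nonce: bytes) -> bytes:
    """Client side: prove possession of the key for this challenge only."""
    return hmac.new(shared_key, nonce, hashlib.sha256).digest()


def demo() -> dict:
    key = b"constructed-demo-key"  # constructed sample secret
    server = Verifier(key)
    nonce = server.issue_challenge(now=0)
    captured = respond(key, nonce)  # what a network observer would record
    first = server.verify(nonce, captured, now=1)
    replay_same = server.verify(nonce, captured, now=2)  # nonce already consumed
    fresh = server.issue_challenge(now=3)
    replay_new = server.verify(fresh, captured, now=4)  # bound to the old nonce
    stale = server.issue_challenge(now=5)
    expired = server.verify(stale, respond(key, stale), now=5 + CHALLENGE_TTL + 1)
    return {"first": first, "replay_same": replay_same,
            "replay_new": replay_new, "expired": expired}
```

Calling `demo()` shows the legitimate response accepted once, then rejected both against the consumed challenge and against a fresh one, and a correct response rejected after the challenge lifetime has passed.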