IA-2(8): Access to Accounts – Replay Resistant

Baselines:

  • Low
  • Moderate
  • High

Previous Version:

Incorporates the following control from the previous version: IA-2(9): Network Access To Non-Privileged Accounts – Replay Resistant.

Control Statement

Implement replay-resistant authentication mechanisms for access to [Assignment (one or more): privileged accounts, non-privileged accounts].

Supplemental Guidance

Authentication processes resist replay attacks if it is impractical to achieve successful authentications by replaying previous authentication messages. Replay-resistant techniques include protocols that use nonces or challenges such as time synchronous or cryptographic authenticators.
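Example (added here for illustration; not part of the control text): a minimal challenge-response verifier showing why a nonce makes a captured authentication message useless on replay. The names `ChallengeVerifier`, `respond` and `demo`, the HMAC-SHA256 construction, the 30-second lifetime and the demo key are assumptions chosen for this sketch.

```python
import hashlib
import hmac
import secrets
import time


class ChallengeVerifier:
    """Verifier side: issues single-use nonces and checks HMAC responses."""

    def __init__(self, key: bytes, ttl: float = 30.0, clock=time.monotonic):
        self._key = key
        self._ttl = ttl
        self._clock = clock
        self._pending = {}  # outstanding nonce -> expiry time

    def issue_challenge(self) -> bytes:
        nonce = secrets.token_bytes(16)  # unpredictable, fresh per attempt
        self._pending[nonce] = self._clock() + self._ttl
        return nonce

    def verify(self, nonce: bytes, response: bytes) -> bool:
        # pop() consumes the nonce on every attempt, valid or not, so the
        # same (nonce, response) pair can never be accepted a second time.
        expiry = self._pending.pop(nonce, None)
        if expiry is None or self._clock() > expiry:
            return False  # unknown, already used, or expired challenge
        expected = hmac.new(self._key, nonce, hashlib.sha256).digest()
        return hmac.compare_digest(expected, response)


def respond(key: bytes, nonce: bytes) -> bytes:
    """Claimant side: prove possession of the key for this nonce only."""
    return hmac.new(key, nonce, hashlib.sha256).digest()


def demo():
    key = b"constructed-demo-key"  # constructed sample value, not a real secret
    server = ChallengeVerifier(key)
    nonce = server.issue_challenge()
    captured = (nonce, respond(key, nonce))  # what an observer could record
    first = server.verify(*captured)    # legitimate authentication
    replay = server.verify(*captured)   # same message sent again
    fresh = server.issue_challenge()
    stale = server.verify(fresh, captured[1])  # old response, new challenge
    return first, replay, stale


if __name__ == "__main__":
    print(demo())
```

A time-synchronous authenticator reaches the same property differently: the current time step plays the role of the nonce, so the verifier must also refuse a code it has already accepted within that step.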