IA-2(8): Access to Accounts – Replay Resistant
Control Family:
Threats Addressed:
Baselines:
- Low
- Moderate
- High
Previous Version:
- NIST Special Publication 800-53 Revision 4:
- IA-2(8): Network Access To Privileged Accounts – Replay Resistant
Incorporates the following control from the previous version: IA-2(9): Network Access To Non-Privileged Accounts – Replay Resistant.
Control Statement
Implement replay-resistant authentication mechanisms for access to [Assignment (one or more): privileged accounts, non-privileged accounts].
Supplemental Guidance
Authentication processes resist replay attacks if it is impractical to achieve successful authentications by replaying previous authentication messages. Replay-resistant techniques include protocols that use nonces or challenges such as time synchronous or cryptographic authenticators.