Implement replay-resistant authentication mechanisms for access to [Selection (one or more): privileged accounts; non-privileged accounts].
|
|
| Control Identifier | IA-2(8) |
| Latest Sync Date | 19/12/24 09:18:14 |
| Discussion | Authentication processes resist replay attacks if it is impractical to achieve successful authentications by replaying previous authentication messages. Replay-resistant techniques include protocols that use nonces or challenges such as time synchronous or cryptographic authenticators. |
| Related Controls | None. |