NIST 800-171 - Anti-replay Authentication (3.5.4)
Overview:
Employ replay-resistant authentication mechanisms for network access to privileged and non-privileged accounts.
Action Items:
3.5.4[a]
Determine if: replay-resistant authentication mechanisms are implemented for network account access to privileged and non-privileged accounts.
POTENTIAL ASSESSMENT METHODS AND OBJECTS
1) Examine: Identification and authentication policy; procedures addressing user identification and authentication; system security plan; system design documentation; system configuration settings and associated documentation; system audit logs and records; list of privileged system accounts; other relevant documents or records.
2) Interview: Personnel with system operations responsibilities; personnel with account management responsibilities; personnel with information security responsibilities; system or network administrators; system developers.
3) Test: Mechanisms supporting or implementing identification and authentication capability or replay-resistant authentication mechanisms.
Related Documents (document name and content will vary by organization):
1) Identification and authentication policy
2) Procedures addressing user identification and authentication
3) System security plan
4) System design documentation
5) System configuration settings and associated documentation
6) System audit logs and records
7) List of privileged system accounts
8) Other relevant documents or records
Additional Guidance:
Authentication processes resist replay attacks if it is impractical to authenticate successfully by recording and replaying previous authentication messages. Replay-resistant techniques include, for example, protocols that use nonces or challenges, such as time-synchronous or challenge-response one-time authenticators. NIST Special Publication 800-63 provides guidance on digital identities.
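The challenge-response pattern the guidance describes, as an added example written for this page (not NIST text or any product's code): the server issues a fresh random nonce for each login attempt, the client answers with an HMAC over that nonce using a shared secret, and the server consumes the nonce on use so that a captured transcript fails when re-submitted. The username, the constructed sample secret and the 30-second challenge lifetime are assumptions for the demo.

```python
import hmac
import hashlib
import secrets
import time


def compute_response(key: bytes, username: str, nonce: str) -> str:
    # Client side: prove knowledge of the shared key bound to this one nonce.
    msg = f"{username}:{nonce}".encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


class ReplayResistantServer:
    """Challenge-response authenticator: one unpredictable, single-use nonce per login."""

    def __init__(self, shared_keys: dict, nonce_ttl: float = 30.0):
        self.shared_keys = shared_keys   # username -> shared secret (assumed store)
        self.nonce_ttl = nonce_ttl       # seconds a challenge stays valid (assumption)
        self.pending = {}                # nonce -> (username, issued_at)

    def challenge(self, username: str, now: float = None) -> str:
        now = time.time() if now is None else now
        nonce = secrets.token_hex(16)    # 128-bit random challenge, never reused
        self.pending[nonce] = (username, now)
        return nonce

    def verify(self, username: str, nonce: str, response: str, now: float = None) -> bool:
        now = time.time() if now is None else now
        # pop() consumes the nonce: a second submission of the same (nonce, response)
        # pair finds nothing pending and is rejected, which is what defeats replay.
        entry = self.pending.pop(nonce, None)
        if entry is None or entry[0] != username:
            return False
        if now - entry[1] > self.nonce_ttl:   # stale challenge: reject
            return False
        key = self.shared_keys.get(username)
        if key is None:
            return False
        expected = compute_response(key, username, nonce)
        return hmac.compare_digest(expected, response)


def demo():
    secret = b"constructed-sample-secret"   # sample value, not a real credential
    server = ReplayResistantServer({"alice": secret})
    nonce = server.challenge("alice", now=1000.0)
    response = compute_response(secret, "alice", nonce)
    first = server.verify("alice", nonce, response, now=1001.0)      # legitimate login
    replay = server.verify("alice", nonce, response, now=1002.0)     # captured transcript re-sent
    stale = server.challenge("alice", now=1000.0)
    expired = server.verify("alice", stale, compute_response(secret, "alice", stale), now=1040.0)
    return first, replay, expired   # expected: (True, False, False)
```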