Employ replay-resistant authentication mechanisms
Identification and Authentication · NIST SP 800-171 Rev 2
Requirement
Employ replay-resistant authentication mechanisms for network access to privileged and non-privileged accounts.
Discussion
Authentication processes resist replay attacks if it is impractical to successfully authenticate by recording or replaying previous authentication messages. Replay-resistant techniques include protocols that use nonces or challenges such as time synchronous or challenge-response one-time authenticators. [SP 800-63-3] provides guidance on digital identities.
How this affects your SPRS score
Under the DoD Assessment Methodology, a perfect SPRS score is 110. If this control is not met, 1 point is subtracted from your score.
Want your estimated SPRS score?
Answer 15 quick questions covering the highest-impact controls and get an instant estimate.
Estimate my SPRS score →Source: NIST SP 800-171 Rev 2 (public domain) · SPRS weighting per the DoD Assessment Methodology · This is reference information, not an official assessment.