IA.L2-3.5.4 Replay-Resistant Authentication

CMMC Practice IA.L2-3.5.4 – Replay-Resistant Authentication: Employ replay-resistant authentication mechanisms for network access to privileged and non-privileged accounts.

Discussion [NIST SP 800-171 R2]
Authentication processes resist replay attacks if it is impractical to successfully authenticate by recording or replaying previous authentication messages. Replay-resistant techniques include protocols that use nonces or challenges, such as time-synchronous or challenge-response one-time authenticators.
NIST SP 800-63-3 provides guidance on digital identities.

Further Discussion
When insecure protocols are used for access to computing resources, an adversary may be able to capture login information and immediately reuse (replay) it for other purposes. It is important to use mechanisms that resist this technique.
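As an added illustration, not part of the CMMC or NIST text, of the nonce-based challenge-response mechanism described in the Discussion and of why the captured login messages mentioned in the Further Discussion fail against it: a minimal server issues a random nonce, accepts each nonce exactly once within a time window, and checks an HMAC response keyed by a shared secret. The shared key, the 30-second window and the message framing are assumptions of this example.

```python
import hashlib
import hmac
import secrets
import time
from typing import Dict, Optional, Tuple

# Shared secret between client and server; a constructed value for this example.
SHARED_KEY = b"constructed-example-shared-secret"


def compute_response(key: bytes, nonce: bytes) -> bytes:
    """Client side: prove possession of the key with an HMAC over the fresh nonce."""
    return hmac.new(key, b"auth-challenge:" + nonce, hashlib.sha256).digest()


class ChallengeResponseServer:
    """Server side: issues one-time nonces and accepts each exactly once, within a TTL."""

    def __init__(self, key: bytes, nonce_ttl: float = 30.0):
        self._key = key
        self._ttl = nonce_ttl
        self._pending: Dict[bytes, float] = {}  # nonce -> time issued; consumed on use

    def issue_challenge(self, now: Optional[float] = None) -> bytes:
        nonce = secrets.token_bytes(16)  # unpredictable, so responses cannot be precomputed
        self._pending[nonce] = time.time() if now is None else now
        return nonce

    def verify(self, nonce: bytes, response: bytes, now: Optional[float] = None) -> bool:
        now = time.time() if now is None else now
        issued = self._pending.pop(nonce, None)  # consume: a second presentation fails
        if issued is None or now - issued > self._ttl:
            return False
        expected = compute_response(self._key, nonce)
        return hmac.compare_digest(expected, response)  # constant-time comparison


def demo() -> Tuple[bool, bool, bool]:
    """Legitimate login, then two replays of the captured response."""
    server = ChallengeResponseServer(SHARED_KEY)
    nonce = server.issue_challenge(now=1000.0)
    captured = compute_response(SHARED_KEY, nonce)  # what a network eavesdropper would record
    first = server.verify(nonce, captured, now=1001.0)       # True: fresh nonce, valid response
    same_nonce = server.verify(nonce, captured, now=1002.0)  # False: nonce already consumed
    new_nonce = server.issue_challenge(now=1003.0)
    cross = server.verify(new_nonce, captured, now=1004.0)   # False: response bound to old nonce
    return first, same_nonce, cross


if __name__ == "__main__":
    print(demo())
```

The same one-time-use bookkeeping is what makes the expired-nonce case fail too: a response presented after the window closes is rejected even if it was never used.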