IA-02(08) Access to Accounts — Replay Resistant

Implement replay-resistant authentication mechanisms for access to ia-02.08_odp.

Parameter ID Definition
ia-02.08_odp

Selection (one-or-more):

  • privileged accounts
  • non-privileged accounts

Baselines

Guidance

Authentication processes resist replay attacks if it is impractical to achieve successful authentications by replaying previous authentication messages. Replay-resistant techniques include protocols that use nonces or challenges such as time synchronous or cryptographic authenticators.