NIST SP 800-171 & CMMC 2.0 3.5.4 Requirement:
Employ replay-resistant authentication mechanisms for network access to privileged and non-privileged accounts.
NIST SP 800-171 & CMMC 2.0 3.5.4 Requirement Explanation:
Using secure authentication mechanisms can help prevent attackers from launching successful man-in-the-middle attacks. TLS is replay resistant, so using it to protect your network communications will meet this requirement.
Example NIST SP 800-171 & CMMC 2.0 3.5.4 Implementation:
Enable transport layer security (TLS) for access to your systems. Ensure that web based logins to your systems are protected (green lock in address bar). Use multifactor authentication to protect accounts accessed over the network.
NIST SP 800-171 & CMMC 2.0 3.5.4 Scenario(s):
- Scenario 1:
Using your internet browser you go to log into the admin page of a printer on your local network. Before logging in you notice that the connection is not secured with TLS and is unencrypted. You work with your team fix this so that connection to the page is protected with TLS.
Quick & Simple
Discover Our Cybersecurity Compliance Solutions:
Whether you need to meet and maintain your compliance requirements, help your clients meet them, or verify supplier compliance we have the expertise and solution for you
NIST SP 800-171 & CMMC Compliance
Become compliant, provide compliance services, or verify partner compliance with NIST SP 800-171 and CMMC requirements.
HIPAA Compliance
Become compliant, provide compliance services, or verify partner compliance with HIPAA security rule requirements.
FAR 52.204-21 Compliance
Become compliant, provide compliance services, or verify partner compliance with FAR 52.204-21 Basic Safeguarding of Covered Contractor Information Systems requirements.
ISO 27001 Compliance
Become compliant, provide compliance services, or verify partner compliance with ISO 27001 requirements.