03.05.04 — Replay-Resistant Authentication
What this control requires
Source: NIST SP 800-171 R3 §03.05.04 (official control text).
Why this matters
Replay-resistant authentication prevents an attacker who captures authentication traffic in transit from reusing it to gain access. Without replay resistance, an adversary who intercepts a login exchange can impersonate the user simply by resending the captured authentication message; no password cracking is needed. The control counters this class of network-based credential theft by requiring that every authentication exchange include something fresh and unpredictable that the verifier will not accept a second time: a server-issued challenge answered with a keyed response, a cryptographic nonce, or a time-synchronized one-time value. A static password or a long-lived reusable token sent over the network does not meet the requirement on its own, and a protected transport such as TLS limits interception but does not by itself make the authenticator replay-resistant. Organizations must therefore select mechanisms with these properties (for example challenge-response protocols, one-time passcodes, or public-key authenticators such as FIDO2/WebAuthn) for access to systems that process CUI. Two caveats matter when verifying the control: the verifier must actually reject a second use of the same challenge or code (a one-time passcode that is accepted twice within its time window is not replay-resistant), and replay resistance stops reuse of a captured exchange, not a real-time relay in which the attacker forwards a live authentication to the server; origin-bound authenticators such as FIDO2/WebAuthn address relay as well.
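The following is an added example, not code from this page or from the FORCE platform, that shows the difference described above in runnable form: a static password that an eavesdropper can resend indefinitely, beside an HMAC challenge-response verifier that issues a random single-use nonce, consumes it on first use, and expires it after a short TTL. The account names, the `hunter2` password, the shared key and the clock value are constructed for the demonstration; the key-derivation and transport details of a real deployment are out of scope.

```python
import hashlib
import hmac
import os
import time

CHALLENGE_TTL_SECONDS = 30

# Constructed demo key for one account. A real deployment provisions or derives a
# per-account key; the key itself never crosses the network.
SECRETS = {"alice": b"constructed-demo-secret-for-alice"}


def static_password_login(account, password, password_store):
    """The non-replay-resistant baseline: a fixed credential is sent as-is.
    Anything that sees it once can present it again indefinitely."""
    return password_store.get(account) == password


def compute_response(secret, account, nonce):
    """Client side: prove knowledge of the secret without revealing it, bound to
    this particular challenge so the proof is worthless for any other one."""
    return hmac.new(secret, f"{account}|{nonce}".encode(), hashlib.sha256).hexdigest()


class ChallengeResponseVerifier:
    """Server side: every login gets a fresh random nonce that is consumed on
    first use and expires after CHALLENGE_TTL_SECONDS."""

    def __init__(self, secrets, clock=time.time):
        self._secrets = secrets   # account -> key
        self._pending = {}        # nonce -> (account, issued_at)
        self._clock = clock       # injectable clock for deterministic tests

    def issue_challenge(self, account):
        nonce = os.urandom(16).hex()  # 128 bits from the OS CSPRNG: unpredictable
        self._pending[nonce] = (account, self._clock())
        return nonce

    def verify(self, account, nonce, response):
        entry = self._pending.pop(nonce, None)  # pop = single use; a replay finds nothing
        if entry is None:
            return False
        issued_to, issued_at = entry
        if issued_to != account or account not in self._secrets:
            return False
        if self._clock() - issued_at > CHALLENGE_TTL_SECONDS:
            return False  # captured challenge held too long
        expected = compute_response(self._secrets[account], account, nonce)
        return hmac.compare_digest(expected, response)


def run_scenario():
    """Walk an attacker who can read the wire through both designs and return
    which attempts each verifier accepted."""
    results = {}

    # 1. Static password: the captured string works every time.
    store = {"alice": "hunter2"}                  # constructed sample
    captured_password = "hunter2"                 # what the eavesdropper saw
    results["static_first"] = static_password_login("alice", captured_password, store)
    results["static_replay"] = static_password_login("alice", captured_password, store)

    # 2. Challenge-response with a controllable clock (constructed epoch value).
    now = [1_700_000_000.0]
    verifier = ChallengeResponseVerifier(SECRETS, clock=lambda: now[0])

    nonce = verifier.issue_challenge("alice")
    captured_response = compute_response(SECRETS["alice"], "alice", nonce)
    results["cr_first"] = verifier.verify("alice", nonce, captured_response)
    results["cr_replay"] = verifier.verify("alice", nonce, captured_response)

    # 3. Attacker holds a fresh challenge/response pair past the TTL.
    nonce2 = verifier.issue_challenge("alice")
    response2 = compute_response(SECRETS["alice"], "alice", nonce2)
    now[0] += CHALLENGE_TTL_SECONDS + 1
    results["cr_stale"] = verifier.verify("alice", nonce2, response2)

    # 4. Attacker presents alice's valid response under another account name.
    nonce3 = verifier.issue_challenge("alice")
    response3 = compute_response(SECRETS["alice"], "alice", nonce3)
    results["cr_wrong_account"] = verifier.verify("mallory", nonce3, response3)

    return results


if __name__ == "__main__":
    for name, accepted in run_scenario().items():
        print(f"{name:>17}: {'accepted' if accepted else 'rejected'}")
```

The property an assessor is really after is visible in the `verify` method: the nonce is removed from the pending table before the response is even checked, so a captured exchange cannot be presented twice, and the TTL bounds how long a captured challenge stays usable at all. The same single-use bookkeeping is what a one-time-passcode verifier needs (tracking codes already accepted within their window); without it, a time-synchronized code is replayable for the remainder of its step.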
What evidence assessors expect
Assessors typically look for artifacts such as screenshots, CSV exports, and configuration exports that show which replay-resistant mechanism is enforced and for which accounts and access paths. FORCE coaches you through the exact implementation steps and captures each artifact in-platform.
Related controls
See your live posture on 03.05.04.
FORCE shows where you stand on this control and walks you through closing it.
Start a free trial tenant →