bigforceone

03.05.10

What this control requires

Source: NIST SP 800-171 R3 §03.05.10 (official control text).

Why this matters

This control requires organizations to protect the authenticity of communications sessions, ensuring that data exchanges occur between verified parties and have not been tampered with during transmission. Without session authenticity protections, attackers can hijack active connections, inject malicious commands, or impersonate legitimate users to exfiltrate sensitive information. This is particularly critical for administrative sessions, remote access, and any communication involving CUI, where a man-in-the-middle attack could compromise entire systems or datasets. Session authenticity mechanisms like mutual authentication and cryptographic binding prevent adversaries from masquerading as trusted endpoints.

What evidence assessors expect

Assessors typically look for screenshots, configuration exports, and PDF documents. FORCE coaches you through the exact implementation steps and captures each artifact in-platform.
