03.13.15 —
What this control requires
Source: NIST SP 800-171 R3 §03.13.15 (official control text).
Why this matters
Session authenticity protects ongoing communications from adversary-in-the-middle attacks, session hijacking, and information injection. When employees access systems remotely or exchange data over networks, attackers can intercept and manipulate sessions in real time—reading sensitive data, altering commands, or impersonating legitimate users. This control requires mechanisms that continuously verify both parties' identities throughout a connection and detect tampering, ensuring that what arrives is what was sent and that no third party has inserted themselves into the conversation. It defends the integrity of business operations and prevents unauthorized access masquerading as legitimate traffic.
What evidence assessors expect
Assessors typically look for screenshots, configuration exports, and log files. FORCE coaches you through the exact implementation steps and captures each artifact in-platform.
Related controls