Reference: CMMC 2.11
Family: SC
Level Introduced: 2
Title: Communications Authenticity
Practice:
Protect the authenticity of communications sessions.
CMMC Clarification:
The authentication of a session refers to a user entering login credentials to identify themselves to establish communication to the system. As the communication is established a unique session id is generated to identify the user session as authenticated. Organizations need to develop and implement the necessary controls to validate the identification and protect the session id from attacks such as hijacking.
Example
You are an IT administrator at your organization. You ensure that the two-factor user authentication mechanism for the servers is setup and configured correctly. You maintain the digital certificate your company purchased and replace it with a new one before the old on expires. You ensure the TLS configuration settings on the web servers, VPN solution, and other components that use TLS are correct, using secure settings that address risks against attacks on the encrypted sessions.
Implementation Strategies
This is for registered users only. Please sign up for a free account, or Login, to see complete cross references to other standards and frameworks.
NIST 800-171 Requirements (1)
This is for registered users only. Please sign up for a free account, or Login, to see complete cross references to other standards and frameworks.
NIST 800-53 Controls (1)
This is for registered users only. Please sign up for a free account, or Login, to see complete cross references to other standards and frameworks.