Reference: CMMC 2.0
Level Introduced: 2
Title: Communications Authenticity
Protect the authenticity of communications sessions.
The authentication of a session refers to a user entering login credentials to identify themselves to establish communication to the system. As the communication is established a unique session id is generated to identify the user session as authenticated. Organizations need to develop and implement the necessary controls to validate the identification and protect the session id from attacks such as hijacking.
You are an IT administrator at your organization. You ensure that the two-factor user authentication mechanism for the servers is setup and configured correctly. You maintain the digital certificate your company purchased and replace it with a new one before the old on expires. You ensure the TLS configuration settings on the web servers, VPN solution, and other components that use TLS are correct, using secure settings that address risks against attacks on the encrypted sessions.