
The application must use organization-defined replay-resistant authentication mechanisms for network access to privileged accounts.


Overview

Finding ID: V-35413
Version: SRG-APP-000156-MAPP-NA
Rule ID: SV-46700r1_rule
IA Controls:
Severity: Medium
Description
An authentication process resists replay attacks if it is impractical to achieve a successful authentication by recording and replaying a previous authentication message. Techniques used to address this include protocols using nonces (e.g., numbers generated for a specific one-time use) or challenges (e.g., TLS, WS_Security), and time-synchronous or challenge-response one-time authenticators. Rationale for non-applicability: Mobile applications that support remote access are not within the scope of this SRG.
STIG: Mobile Application Security Requirements Guide
Date: 2013-01-04

Details

Check Text (C-43765r1_chk)
This requirement is NA for the MAPP SRG.
Fix Text (F-39957r1_fix)
The requirement is NA. No fix is required.