
The application must use organization-defined replay-resistant authentication mechanisms for network access to non-privileged accounts.


Overview

Finding ID: V-35414
Version: SRG-APP-000157-MAPP-NA
Rule ID: SV-46701r1_rule
IA Controls: (none listed)
Severity: Medium
Description
An authentication process resists replay attacks if it is impractical to achieve a successful authentication by recording and replaying a previous authentication message. Techniques used to address this include protocols using nonces (e.g., numbers generated for a specific one-time use) or challenges (e.g., TLS, WS_Security), and time-synchronous or challenge-response one-time authenticators.

Rationale for non-applicability: The MOS SRG prohibits remote access to the mobile device. Similarly, mobile applications that support remote access are not within the scope of the MAPP SRG.
STIG: Mobile Application Security Requirements Guide
Date: 2013-01-04

Details

Check Text (C-43766r1_chk)
This requirement is NA for the MAPP SRG.
Fix Text (F-39958r1_fix)
The requirement is NA. No fix is required.