3.5.4 has a weight of -1 points

Identification and Authentication Family 4/11

Employ replay-resistant authentication mechanisms for network access to privileged and non-privileged accounts.


Example of System Security Plan (SSP):

Our organization relies on modern authentication protocols like Kerberos, which are inherently replay resistant. They include mechanisms that ensure the authentication handshake is current and not a reused recording of network traffic.

1. Compliance Requirements

All devices and systems within the organization must run the newest iOS or Windows update to maintain compliance with our replay-resistant authentication policy.

2. Implementation Procedure

  • Ensure all devices are running the latest versions of iOS or Windows.
  • Disable or remove any older, vulnerable authentication protocols like NTLM.
  • Regularly monitor and update systems to maintain the highest level of security.

Example of Plan of Action and Milestones (POA&M):

1. Compliance Requirements

a. Objective: Ensure that all devices and systems are updated to the latest versions of iOS or Windows.

b. Action Steps:

  • Identify all devices running outdated versions.
  • Schedule updates during non-peak hours.
  • Confirm successful update installation.

c. Timeline: 30 days

d. Responsibility: IT Department

2. Implementation Procedure

a. Objective: Disable or remove any older, vulnerable authentication protocols like NTLM.

b. Action Steps:

  • Inventory existing systems to identify those still using NTLM or other vulnerable protocols.
  • Develop and deploy a patch or configuration change to disable these protocols.
  • Verify the successful implementation and provide a report.

c. Timeline: 15 days

d. Responsibility: Security Team

a. Objective: Regularly monitor and update systems to maintain the highest level of security.

b. Action Steps:

  • Implement continuous monitoring solutions.
  • Schedule regular security assessments and updates.
  • Develop a feedback loop for constant improvement.

c. Timeline: Ongoing

d. Responsibility: Security Operations Center (SOC)

3. Monitoring and Reporting

Ongoing oversight will be provided by the Information Security Office, with monthly status reports to senior management. This will include tracking progress against the plan, identifying any obstacles or delays, and proposing corrective actions as needed.

RELEVANT INFORMATION:

Authentication processes resist replay attacks if it is impractical to successfully authenticate by recording or replaying previous authentication messages. Replay-resistant techniques include protocols that use nonces or challenges such as time synchronous or challenge-response one-time authenticators. [SP 800-63-3] provides guidance on digital identities.
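The paragraph above explains replay resistance in the abstract. The following is an added example (not from the original page, NIST, or any real authentication product) that puts a replayable scheme next to a nonce-based challenge-response scheme so the difference can be seen by running it. Everything in it is constructed for illustration: the account name, the shared secret, the 30-second challenge lifetime and the injectable clock. It is a simplified toy, not Kerberos or any other real protocol, but it has the properties the paragraph describes: each login is bound to a fresh server-issued challenge, a challenge is consumed on first use, and stale challenges are refused.

```python
"""Replay-resistant challenge-response authentication (constructed example).

Two schemes side by side:
  * naive: the client sends a digest of a static secret; identical bytes
    every login, so a recorded copy authenticates again.
  * challenge-response: the server issues a random, single-use, short-lived
    nonce and the client proves possession of the secret with an HMAC bound
    to that nonce. A recording of one exchange is useless afterwards.
"""
import hashlib
import hmac
import secrets
import time

# Constructed per-account secret. A real system would hold a key derived
# from the user's credential or stored on a hardware authenticator.
SECRETS = {"alice": b"constructed-secret-key-for-alice"}


# ---- Naive scheme: the same bytes authenticate every time -----------------
def naive_token(user: str) -> bytes:
    """Digest of the static secret; never changes, so it can be replayed."""
    return hashlib.sha256(SECRETS[user]).digest()


def naive_verify(user: str, token: bytes) -> bool:
    return user in SECRETS and hmac.compare_digest(token, naive_token(user))


# ---- Challenge-response scheme -------------------------------------------
def compute_response(user: str, nonce: bytes) -> bytes:
    """Client side: MAC over the server's nonce and the account name. The
    secret itself never crosses the network."""
    return hmac.new(SECRETS[user], nonce + user.encode(), hashlib.sha256).digest()


class ChallengeServer:
    """Issues unpredictable single-use challenges and verifies responses.

    `now` is injectable so the expiry path can be exercised deterministically.
    """

    def __init__(self, ttl_seconds: float = 30.0, now=time.monotonic):
        self.ttl = ttl_seconds
        self.now = now
        self._pending: dict[bytes, tuple[str, float]] = {}  # nonce -> (user, issued_at)

    def issue_challenge(self, user: str) -> bytes:
        nonce = secrets.token_bytes(32)  # 256 random bits: never guessable or reused
        self._pending[nonce] = (user, self.now())
        return nonce

    def verify(self, user: str, nonce: bytes, response: bytes) -> bool:
        entry = self._pending.pop(nonce, None)  # consumed on first attempt, good or bad
        if entry is None:
            return False  # never issued, or already used
        issued_for, issued_at = entry
        if issued_for != user or self.now() - issued_at > self.ttl:
            return False  # wrong account, or challenge too old
        if user not in SECRETS:
            return False
        return hmac.compare_digest(response, compute_response(user, nonce))


def demo() -> dict:
    """Plays a passive eavesdropper who records one successful exchange and
    replays it against each scheme. Returns the outcome of every attempt."""
    results = {}

    # Naive scheme: the recorded token is accepted again.
    captured = naive_token("alice")
    results["naive_first"] = naive_verify("alice", captured)
    results["naive_replay"] = naive_verify("alice", captured)

    # Challenge-response with a controllable clock.
    clock = [1000.0]
    server = ChallengeServer(ttl_seconds=30.0, now=lambda: clock[0])

    nonce = server.issue_challenge("alice")
    resp = compute_response("alice", nonce)
    results["cr_first"] = server.verify("alice", nonce, resp)    # genuine login
    results["cr_replay"] = server.verify("alice", nonce, resp)   # recorded pair replayed

    # A response computed for an old challenge does not satisfy a new one,
    # and that failed attempt also burns the new challenge.
    nonce2 = server.issue_challenge("alice")
    results["cr_stale_response"] = server.verify("alice", nonce2, resp)

    # A fresh challenge answered promptly is accepted.
    nonce3 = server.issue_challenge("alice")
    results["cr_fresh"] = server.verify("alice", nonce3, compute_response("alice", nonce3))

    # A challenge answered after its lifetime is refused even if never used.
    nonce4 = server.issue_challenge("alice")
    clock[0] += 31.0
    results["cr_expired"] = server.verify("alice", nonce4, compute_response("alice", nonce4))
    return results


if __name__ == "__main__":
    for name, accepted in demo().items():
        print(f"{name:>18}: {'accepted' if accepted else 'rejected'}")
```

Two design choices carry the replay resistance: the nonce is removed from the pending set before the response is checked, so a second presentation of the same pair (or a guess at a used nonce) can never succeed, and the lifetime check bounds how long a captured challenge remains useful if the verifier's state were ever lost. The time-synchronous one-time authenticators the paragraph also mentions reach the same property by using the current time window instead of a server-issued nonce.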

Resources to consider:

Security Policy Document:

This comprehensive document outlines the organization’s security policies and procedures, including information system access controls and the specific measures implemented, such as password protection, multi-factor authentication, and device access controls. It should also cover consequences of unauthorized access and the importance of user training and awareness.

Asset Inventory and Access Control Sheet:

Create a spreadsheet that lists all information system resources in your organization, such as laptops, desktops, servers, network devices, printers, scanners, mobile devices, and paper documents. Alongside each resource, include information about authorized users, access rights, and any access restrictions.

User Account Management Log:

Maintain a log to track user account creation, modification, and removal. Include details like the date of account creation, purpose, and the individual responsible for approving the account.

Password and Multi-Factor Authentication Policy:

Combine the password policy and multi-factor authentication policy into a single document. Outline the organization’s password requirements, including complexity, length, expiration, and regular password change, as well as the implementation of multi-factor authentication for an extra layer of security.

Process and Script Accountability Log:

Maintain a log that associates automated scripts and processes with the specific authorized user who initiated them. This ensures accountability and prevents the use of generic accounts for critical processes.

Device Access Control and VPN Policy:

Merge the device access control and VPN configuration documents into a single policy. Detail the measures for controlling device access, authentication mechanisms, and VPN configuration, including which devices are allowed to connect and the authentication methods used.

Access Control Review and Monitoring Schedule:

Create a schedule for periodic reviews of access controls, including the process for adding, modifying, or revoking access rights based on personnel changes or business needs. Also, document the monitoring mechanisms implemented to track access to the information system, including logs and reports of access attempts and unusual activities.

User Training and Awareness Materials:

Prepare training materials and conduct regular sessions for authorized users. Document the topics covered, the date of the training, and the attendees.