NIST 800-171 • LEVEL 2 • SYSTEM AND COMMUNICATIONS PROTECTION
3.13.15 — Session Authenticity
Protecting session authenticity addresses communications protection at the session level, not at the packet level. Such protection establishes grounds for confidence at both ends of the communications sessions in the ongoing identities of other parties and the validity of the transmitted information. Authenticity protection includes protecting against adversary-in-the-middle attacks, session hijacking, and the insertion of false information into sessions.
CMMC Practice Mapping
NIST 800-53 Controls
Assessment Objectives
- the authenticity of communications sessions is protected.
Practitioner Notes
Session authenticity means both ends of a network conversation can trust the identity of the party they are talking to, and can trust that the data has not been tampered with in transit. This protects against man-in-the-middle attacks and session hijacking.
Example 1: Enforce TLS 1.2+ on all internal web applications and services. On IIS, disable older protocols using the IIS Crypto tool or by editing the registry under HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols. Disable TLS 1.0, TLS 1.1, SSL 2.0, and SSL 3.0 by setting their Enabled DWORD to 0.
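The registry edit in Example 1, written out as a script. This is an added example and not part of the NIST or CMMC text; it assumes an elevated PowerShell session on the IIS host, and the protocol lists and the `DisabledByDefault` value it also sets are this example's own choices rather than anything the control text prescribes. A reboot is needed for SCHANNEL changes to take effect.

```powershell
# Added example (not from the NIST/CMMC source text): disable legacy SSL/TLS
# protocols under the SCHANNEL key named in Example 1 and produce an audit
# table of the result. Run elevated; reboot afterwards.

$SchannelRoot = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols'

# Protocols to turn off, and the one to make sure stays on (example's choice).
$Disable = @('SSL 2.0', 'SSL 3.0', 'TLS 1.0', 'TLS 1.1')
$Enable  = @('TLS 1.2')

function Set-SchannelProtocol {
    param(
        [Parameter(Mandatory)] [string] $Name,
        [Parameter(Mandatory)] [bool]   $Enabled
    )
    # Each protocol has separate Client and Server subkeys. Both are set here:
    # Server covers inbound IIS traffic, Client covers outbound connections
    # this host makes (e.g. to back-end services).
    foreach ($Side in 'Client', 'Server') {
        $Key = Join-Path $SchannelRoot "$Name\$Side"
        if (-not (Test-Path $Key)) { New-Item -Path $Key -Force | Out-Null }
        # Enabled = 0 disables the protocol; DisabledByDefault = 1 stops
        # applications that do not name a protocol explicitly from using it.
        New-ItemProperty -Path $Key -Name 'Enabled' -PropertyType DWord `
            -Value ([int]$Enabled) -Force | Out-Null
        New-ItemProperty -Path $Key -Name 'DisabledByDefault' -PropertyType DWord `
            -Value ([int](-not $Enabled)) -Force | Out-Null
    }
}

function Get-SchannelProtocolState {
    # Audit view for assessment evidence: one row per protocol and side.
    foreach ($Name in ($Disable + $Enable)) {
        foreach ($Side in 'Client', 'Server') {
            $Key   = Join-Path $SchannelRoot "$Name\$Side"
            $Props = if (Test-Path $Key) { Get-ItemProperty -Path $Key } else { $null }
            [pscustomobject]@{
                Protocol          = $Name
                Side              = $Side
                Enabled           = if ($null -ne $Props.Enabled) { $Props.Enabled } else { 'not set (OS default)' }
                DisabledByDefault = if ($null -ne $Props.DisabledByDefault) { $Props.DisabledByDefault } else { 'not set (OS default)' }
            }
        }
    }
}

foreach ($p in $Disable) { Set-SchannelProtocol -Name $p -Enabled $false }
foreach ($p in $Enable)  { Set-SchannelProtocol -Name $p -Enabled $true }

Get-SchannelProtocolState | Format-Table -AutoSize
Write-Host 'Reboot required for SCHANNEL changes to take effect.'
```

Run `Get-SchannelProtocolState` on its own before the change to capture the "before" state for the assessor. A row that reads "not set (OS default)" means the operating system's built-in default applies, which differs by Windows version, so an explicit value is easier to evidence than an absent key.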
Example 2: Enable SMB signing on all domain-joined systems via GPO: Computer Configuration > Windows Settings > Security Settings > Local Policies > Security Options -- set Microsoft network client: Digitally sign communications (always) and Microsoft network server: Digitally sign communications (always) to Enabled. This prevents SMB relay and man-in-the-middle attacks on file shares.
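A way to verify that the GPO in Example 2 has taken effect on a host, and to apply the same two settings locally on a machine that is not covered by the policy. This is an added example, not part of the NIST or CMMC text; it assumes an elevated session, and the `Signed` property on `Get-SmbConnection` output is assumed to be present on Windows 10 / Server 2016 and later builds.

```powershell
# Added example (not from the NIST/CMMC source text): check whether SMB signing
# is required on both the client and server side of this host, which is what the
# two "Digitally sign communications (always)" policy settings in Example 2 enforce.

function Get-SmbSigningState {
    # Read the effective setting via the SMB cmdlets and via the registry values
    # the GPO writes, so both can be captured as assessment evidence.
    $srv    = Get-SmbServerConfiguration
    $cli    = Get-SmbClientConfiguration
    $srvReg = Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters' -ErrorAction SilentlyContinue
    $cliReg = Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters' -ErrorAction SilentlyContinue
    [pscustomobject]@{
        ServerRequireSigning = $srv.RequireSecuritySignature
        ClientRequireSigning = $cli.RequireSecuritySignature
        ServerRegistryValue  = $srvReg.RequireSecuritySignature
        ClientRegistryValue  = $cliReg.RequireSecuritySignature
        # Compliant only when BOTH sides require signing; "enable" alone still
        # allows an unsigned session if the peer does not ask for signing.
        Compliant            = ([bool]$srv.RequireSecuritySignature) -and ([bool]$cli.RequireSecuritySignature)
    }
}

function Enable-SmbSigningLocally {
    # Local equivalent of the two GPO settings, for hosts that are not domain
    # joined. Domain-joined hosts should receive this from the GPO so the
    # setting is not reverted at the next policy refresh.
    Set-SmbServerConfiguration -RequireSecuritySignature $true -Force
    Set-SmbClientConfiguration -RequireSecuritySignature $true -Force
}

function Get-UnsignedSmbConnection {
    # Lists this host's current outbound SMB connections that are not signed.
    # Assumption: the Signed property exists on this Windows build.
    Get-SmbConnection | Where-Object { -not $_.Signed } |
        Select-Object ServerName, ShareName, UserName, Dialect, Signed
}

$state = Get-SmbSigningState
$state | Format-List
if (-not $state.Compliant) {
    Write-Warning 'SMB signing is not required on both client and server; apply the GPO or run Enable-SmbSigningLocally.'
}
Get-UnsignedSmbConnection | Format-Table -AutoSize
```

Requiring signing on the client side matters as much as on the server side: a server that only "enables" signing still accepts an unsigned session from a client that does not require it, which is the condition relay attacks depend on. Check both values after `gpupdate /force` on a sample of workstations and servers, and keep the output as evidence for the assessment objective.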