Control 3.13.15
Protect Authenticity of Communications Sessions
Official Requirement
Protect the authenticity of communications sessions.
What This Means in Plain English
Communication sessions must be protected from hijacking and man-in-the-middle attacks. Both parties in a communication should be able to verify the identity of the other party and the integrity of the session.
How Petronella Implements This Control
Petronella Technology Group implements this control through:
- TLS with certificate validation protecting web communication sessions
- Kerberos mutual authentication for internal Windows communications
- IPSec with IKEv2 providing authenticated and encrypted site-to-site communications
- DNSSEC protecting DNS query integrity where supported
- FortiGate deep packet inspection detecting session hijacking attempts
Assessment Guidance
Assessors will verify that communication sessions use authenticated encryption, test for man-in-the-middle vulnerabilities, check TLS certificate validation, and confirm that session authentication mechanisms are functioning.
Common Implementation Gaps
- Self-signed certificates without proper validation
- No mutual authentication for critical communications
- HTTP used for sensitive web applications instead of HTTPS
- No DNSSEC implementation
- Session tokens vulnerable to hijacking (predictable, not bound to client)
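Two checks for the gaps listed above, as an added example that is not Petronella's code or tooling: a Python TLS client context that validates the peer certificate shown beside the weak setting it replaces, and a session token that is random and HMAC-bound to a per-client transport property (assumed here to be a TLS client certificate fingerprint supplied by the transport layer).

```python
import hashlib
import hmac
import secrets
import ssl

# Constructed server-side key for this example; a real deployment would load
# it from a key store and rotate it.
SERVER_KEY = secrets.token_bytes(32)


def weak_client_context() -> ssl.SSLContext:
    """The gap: a client that accepts any certificate, self-signed or not."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False          # must be cleared before CERT_NONE
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def hardened_client_context(ca_bundle=None) -> ssl.SSLContext:
    """The fix: verify the chain against a trusted CA bundle and the hostname."""
    ctx = ssl.create_default_context(cafile=ca_bundle)  # CERT_REQUIRED + hostname check
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def context_validates_peer(ctx: ssl.SSLContext) -> bool:
    """Configuration check an assessor can run against a client context."""
    return bool(ctx.check_hostname) and ctx.verify_mode == ssl.CERT_REQUIRED


def issue_token(client_binding: str) -> str:
    """Random session id plus an HMAC over (id, client binding). The binding
    (an assumption of this example) is a per-client transport property such as
    the TLS client certificate fingerprint, so a copied token fails elsewhere."""
    session_id = secrets.token_urlsafe(32)
    tag = hmac.new(SERVER_KEY, f"{session_id}|{client_binding}".encode(),
                   hashlib.sha256).hexdigest()
    return f"{session_id}.{tag}"


def verify_token(token: str, client_binding: str) -> bool:
    """Accept only if the tag matches this client; compare in constant time."""
    session_id, sep, tag = token.partition(".")
    if not sep or not session_id:
        return False
    expected = hmac.new(SERVER_KEY, f"{session_id}|{client_binding}".encode(),
                        hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, tag)
```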
Cross-Framework Mapping
| Framework | Mapped Controls |
|---|---|
| NIST SP 800-53 | SC-23 |