CMMC Practice IA.L2-3.5.4

Employ replay-resistant authentication mechanisms for network access to privileged and non-privileged accounts.

Bold Coast Security Guidance

Most systems today, such as Active Directory, will utilize protocols and authentication methods which prevent this type of attack. These systems use a multi-step process which involves an element of time to detect and halt the attack.

Discussion From Source

DRAFT NIST SP 800-171 R2 Authentication processes resist replay attacks if it is impractical to successfully authenticate by recording or replaying previous authentication messages . Replay-resistant techniques include protocols that use nonces or challenges such as time synchronous or challenge-response one-time authenticator.