Communications Authenticity: Protect the authenticity of communications sessions.
Monarch ISC Guidance
Compliance here is about managing layers of defense-in-depth protections. SSL, the web technology that encrypts sessions between users and Internet-facing servers, multifactor authentication tools, and other layers that ensure a session is between trusted resources, and there is control against common spoofing, replay, and other man-in-the-middle attacks. For compliance, the practice, policy and plan to execute must be in place.
NIST SP 800-171 R2
Authenticity protection includes protecting against man-in-the-middle attacks, session hijacking, and the insertion of false information into communications sessions. This requirement addresses communications protection at the session versus packet level (e.g., sessions in service-oriented architectures providing web-based services) and establishes grounds for confidence at both ends of communications sessions in ongoing identities of other parties and in the validity of information transmitted.
NIST SP 800-77, NIST SP 800-95, and NIST SP 800-113 provide guidance on secure communications sessions.