CMMC 1.0 Practice - IA.1.076
Identify information system users, processes acting on behalf of users, or devices.
CMMC 1.0 Practice - IA.1.077
Authenticate (or verify) the identities of those users, processes, or devices, as a prerequisite to allowing access to organizational information systems.
CMMC 1.0 Practice - IA.2.078
Enforce a minimum password complexity and change of characters when new passwords are created.
CMMC 1.0 Practice - IA.2.079
Prohibit password reuse for a specified number of generations.
CMMC 1.0 Practice - IA.2.080
Allow temporary password use for system logons with an immediate change to a permanent password.
CMMC 1.0 Practice - IA.2.081
Store and transmit only cryptographically protected passwords.
CMMC 1.0 Practice - IA.2.082
Obscure feedback of authentication information.
CMMC 1.0 Practice - IA.3.083
Use multi-factor authentication for local and network access to privileged accounts and for network access to nonprivileged accounts.
CMMC 1.0 Practice - IA.3.084
Employ replay-resistant authentication mechanisms for network access to privileged and non-privileged accounts.
CMMC 1.0 Practice - IA.3.085
Prevent the reuse of identifiers for a defined period.
CMMC 1.0 Practice - IA.3.086
Disable identifiers after a defined period of inactivity.