NIST SP 800-171 & CMMC 2.0 3.5.10 Requirement:
Store and transmit only cryptographically protected passwords.
NIST SP 800-171 & CMMC 2.0 3.5.10 Requirement Explanation:
If an attacker gets a hold of an unencrypted password he can gain access to your systems. By storing them as a one way hash it is more difficult for an attacker to use them.
Example NIST SP 800-171 & CMMC 2.0 3.5.10 Implementation:
Ensure that your passwords are stored on your systems using a "one-way hash". Many systems such as Active Directory and Windows 10 do this be default. Confirm that your systems are in fact storing your password cryptographically by configuring them to do so. DISA security technical implementation guides often contain settings for ensuring that passwords are stored in encrypted form.
NIST SP 800-171 & CMMC 2.0 3.5.10 Scenario(s):
- Scenario 1:
Your company's systems use active directory for authentication. Active directory stores passwords as one-way hashes and transmits them in an encrypted format.
Quick & Simple
Discover Our Cybersecurity Compliance Solutions:
Whether you need to meet and maintain your compliance requirements, help your clients meet them, or verify supplier compliance we have the expertise and solution for you
NIST SP 800-171 & CMMC Compliance
Become compliant, provide compliance services, or verify partner compliance with NIST SP 800-171 and CMMC requirements.
HIPAA Compliance
Become compliant, provide compliance services, or verify partner compliance with HIPAA security rule requirements.
FAR 52.204-21 Compliance
Become compliant, provide compliance services, or verify partner compliance with FAR 52.204-21 Basic Safeguarding of Covered Contractor Information Systems requirements.
ISO 27001 Compliance
Become compliant, provide compliance services, or verify partner compliance with ISO 27001 requirements.