NIST SP 800-171 & CMMC 2.0 - 3.5.1
Identify information system users, processes acting on behalf of users, or devices.
NIST SP 800-171 & CMMC 2.0 - 3.5.2
Authenticate (or verify) the identities of those users, processes, or devices, as a prerequisite to allowing access to organizational information systems.
NIST SP 800-171 & CMMC 2.0 - 3.5.7
Enforce a minimum password complexity and change of characters when new passwords are created.
NIST SP 800-171 & CMMC 2.0 - 3.5.8
Prohibit password reuse for a specified number of generations.
NIST SP 800-171 & CMMC 2.0 - 3.5.9
Allow temporary password use for system logons with an immediate change to a permanent password.
NIST SP 800-171 & CMMC 2.0 - 3.5.10
Store and transmit only cryptographically protected passwords.
NIST SP 800-171 & CMMC 2.0 - 3.5.11
Obscure feedback of authentication information.
NIST SP 800-171 & CMMC 2.0 - 3.5.3
Use multi-factor authentication for local and network access to privileged accounts and for network access to nonprivileged accounts.
NIST SP 800-171 & CMMC 2.0 - 3.5.4
Employ replay-resistant authentication mechanisms for network access to privileged and non-privileged accounts.
NIST SP 800-171 & CMMC 2.0 - 3.5.5
Prevent the reuse of identifiers for a defined period.
NIST SP 800-171 & CMMC 2.0 - 3.5.6
Disable identifiers after a defined period of inactivity.