CMMC 1.0 Practice IA.2.080 Requirement:
Allow temporary password use for system logons with an immediate change to a permanent password.
CMMC 1.0 IA.2.080 Requirement Explanation:
Temporary passwords often follow a consistent style (e.g. ChangeMe2020!), this means that they can be more easily guessed by an attacker. If users are forced to change their password upon receiving a temporary one you can reduce this risk. For added security you can provide employees with a randomly generated password when they request a reset.
Example CMMC 1.0 IA.2.080 Implementation:
When providing a temporary password to a user set their account to require a password reset upon login. An example of when this will need to be done is when providing a password to a new employee or when an employee requests a password reset.
CMMC 1.0 IA.2.080 Scenario(s):
- Scenario 1:
John has requested a new password. Alice resets his password and sets his account to require a new password upon login. Alice provides John with the password, when John logs in he is required to set a new one.
Discover Our Cybersecurity Complaince Solutions:
NIST SP 800-171 & CMMC Compliance
Whether you need to meet and maintain your NIST SP 800-171 & CMMC 2.0 compliance requirements, help your clients meet them, or verify sub-contractor compliance we have the expertise and solution for you.
Whether you need to meet and maintain your HIPAA compliance requirements or help your clients meet them we have the expertise and solution for you.