NIST SP 800-171 & CMMC 2.0 Control 3.5.2 Requirement:

Authenticate (or verify) the identities of those users, processes, or devices, as a prerequisite to allowing access to organizational information systems.

NIST SP 800-171 & CMMC 2.0 3.5.2 Requirement Explanation:

Before a person or a device is granted access to your system, require that they authenticate. The most common way to enforce authentication is using a username and a difficult-to-guess password.

Example NIST SP 800-171 & CMMC 2.0 3.5.2 Implementation:

Password protect your user accounts, and change any default passwords on your systems. Use group policy or Microsoft EndPoint manager to require the use of passwords on your Windows computers and servers.

NIST SP 800-171 & CMMC 2.0 3.5.2 Scenario(s):

- Scenario 1:

Alice, a system administrator, creates a group policy requiring all user accounts to be password protected.

- Scenario 2:

Alice, a system administrator received a new router in the mail. The router comes configured with a default password of "admin123". Alice changes the password to something complex that meets her company's password requirements.

Discover Our NIST SP 800-171 & CMMC 2.0 Solutions:


Compliance Accelerator

Power through compliance. Meet and maintain your NIST SP 800-171 & CMMC 2.0 compliance requirements.

Quantum Assessor

Transform your business. Create new revenue streams and provide scalability for your NIST SP 800-171 and CMMC 2.0 services.

Supply Chain Verifier

Trust is everything. Verify, monitor, and support subcontactor compliance.